Blitz Panel Open Redirect Vulnerability in Login Endpoint

Vulnerability

An open redirect vulnerability has been identified in Blitz Panel version 1.17.0, specifically within the login endpoint. The issue arises because the application does not properly validate the 'next_url' parameter that determines where the user is sent after authentication. This flaw allows attackers to craft malicious login URLs that redirect authenticated users to external domains under the attacker's control, potentially leading to phishing attacks or theft of session tokens.

Impact

Exploitation of this vulnerability could result in phishing attacks, unauthorized access to session tokens, or redirection of users to malicious websites.

Remediation

Users can upgrade to Blitz Panel version 1.18.1 to address this vulnerability.
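The flaw described above is a missing origin check on the 'next_url' value. The following is an added example of the kind of validation a login handler should apply before issuing the redirect; it is not Blitz Panel's code and assumes a hypothetical allow-list host "panel.example.com" and the parameter name 'next_url' from the advisory.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts the panel is served from (constructed for this example).
ALLOWED_HOSTS = {"panel.example.com"}


def is_safe_next_url(next_url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if next_url keeps the user on an allowed host.

    Accepts a relative path such as "/dashboard?tab=1", or an absolute https URL
    whose host is allow-listed. Rejects other schemes, other hosts, and the
    scheme-relative ("//evil") and backslash ("/\\evil") forms that browsers
    normalise into a foreign host.
    """
    if not next_url:
        return False
    # Control characters and backslashes: browsers treat "\" like "/" in the
    # authority part, so "/\evil.example" can become "//evil.example".
    if any(ord(c) < 0x20 for c in next_url) or "\\" in next_url:
        return False
    parts = urlsplit(next_url)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, etc.
    if parts.netloc:
        # Absolute or scheme-relative URL: hostname (not the raw netloc, which may
        # carry "user@") must be allow-listed and the scheme must be https.
        return parts.hostname in allowed_hosts and parts.scheme.lower() == "https"
    # No authority: must be a path starting with exactly one "/".
    return next_url.startswith("/") and not next_url.startswith("//")


def resolve_next_url(next_url: str, default: str = "/") -> str:
    """Choose the post-login redirect target: the validated next_url or a safe default."""
    return next_url if is_safe_next_url(next_url) else default
```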

Added: Dec 24, 2025, 5:39 PM
Updated: Dec 24, 2025, 5:39 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.0
exploitability: 7.7
remediation: 7.7
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.