Movary Open Redirect Vulnerability in Login Page

Vulnerability

An open redirect vulnerability has been identified in Movary, a web application for tracking and rating movies. This issue exists in versions prior to 0.69.0. The vulnerability arises because the login page accepts a redirect parameter without proper validation, allowing attackers to redirect authenticated users to arbitrary external sites. Exploitation of this vulnerability could lead to phishing attacks, credential theft, or malware distribution.

Impact

Exploitation of this vulnerability could result in phishing attacks, where users are tricked into providing their credentials, or in the distribution of malware.

Reproduction

To reproduce this vulnerability, log into the application and include a redirect parameter in the login request. The parameter can be set to an external URL, such as a phishing site. After logging in, the user will be redirected to the specified URL, demonstrating the open redirect behavior.

Remediation

Users can update to Movary version 0.69.0 or later, where this vulnerability has been fixed.
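
For applications that accept a post-login redirect parameter, the check below shows one way to restrict it to same-site paths. It is an added example, not Movary's code or the fix shipped in 0.69.0; the function name, the default target and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"  # assumed landing page when the parameter is rejected


def safe_redirect_target(target, default=DEFAULT_TARGET):
    """Return target only if it is a path on this site, else default."""
    if not isinstance(target, str) or not target:
        return default
    # Browsers drop tab/CR/LF inside URLs and treat "\" like "/", so a
    # value containing them can resolve to another host. Reject, don't fix.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    # Accept "/path" only; "//host" is scheme-relative and leaves the site.
    if not target.startswith("/") or target.startswith("//"):
        return default
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return default
    return target


# Constructed sample values for the redirect parameter (not from the advisory).
SAMPLES = [
    "/settings?tab=1",
    "https://phish.example/login",
    "//phish.example/login",
    "/\\phish.example/login",
    "/\t/phish.example/login",
    "",
]


def check_samples(samples=SAMPLES):
    """Map each sample to the location the login handler would redirect to."""
    return {s: safe_redirect_target(s) for s in samples}


if __name__ == "__main__":
    for raw, final in check_samples().items():
        print(f"{raw!r:35} -> {final!r}")
```

Only the first sample is returned unchanged; every other value falls back to the default target instead of being passed to the `Location` header.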

Added: Oct 30, 2025, 6:20 PM
Updated: Oct 30, 2025, 6:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.7
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.