Cradle eCommerce Open Redirection Vulnerability

Vulnerability

An open redirection vulnerability has been identified in the latest demo version of the Cradle eCommerce platform. The issue is in the login form endpoint, which accepts the 'returnUrl' parameter without validating it, so any URL supplied there is used as the post-login redirect target. As a result, users can be sent from the legitimate website to an external malicious page without noticing the change of site.

Impact

Exploiting this vulnerability allows an attacker to craft a login link on the trusted site that redirects users to a malicious site of the attacker's choosing.

Remediation

The vulnerability has been fixed in the latest version of Cradle eCommerce.
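The page does not say how the fix was implemented. The following is an added example, not code from the Cradle eCommerce project, showing the defensive check a login handler should apply to a 'returnUrl' parameter: accept only a same-site, path-only target and fall back to a fixed default otherwise. The function name, the default target and the test inputs are constructed for this illustration; it goes slightly beyond the page by also covering the encoded, scheme-relative and backslash variants of an off-site target that a naive "starts with /" check misses.

```python
from urllib.parse import urlsplit, unquote

# Where to send the user when the supplied returnUrl is missing or unsafe.
DEFAULT_REDIRECT = "/"


def safe_return_url(candidate, default=DEFAULT_REDIRECT):
    """Return `candidate` only if it is a same-site, path-only target.

    Rejects anything that could take the browser off-site: absolute URLs,
    scheme-relative ("//host") URLs, backslash variants ("/\\host"),
    percent-encoded versions of those, and values containing control
    characters (which can also be used for header injection). Anything
    rejected is replaced by `default`.

    The original (still-encoded) string is returned so the caller can place
    it directly in a Location header; all checks run on the decoded form.
    """
    if not candidate or not isinstance(candidate, str):
        return default

    value = candidate.strip()

    # Decode once so "%2F%2Fevil" is inspected as "//evil".
    decoded = unquote(value)

    # Control characters or DEL inside a redirect target are never legitimate.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        return default

    # Several browsers treat "/\evil" like "//evil", so normalise first.
    decoded = decoded.replace("\\", "/")

    # Must be exactly one leading slash: "/path" but not "//host".
    if not decoded.startswith("/") or decoded.startswith("//"):
        return default

    # Belt and braces: if the URL parser still sees a scheme or host, reject.
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc:
        return default

    return value


def login_redirect_target(params):
    """Pick the post-login destination from a request's query parameters.

    `params` is a plain dict of query-string values (constructed for this
    example); the parameter name 'returnUrl' is the one named in the advisory.
    """
    return safe_return_url(params.get("returnUrl"))


if __name__ == "__main__":
    # Constructed sample inputs: the first two are legitimate, the rest are
    # the shapes an open-redirect check has to reject.
    samples = [
        "/account/orders",
        "/search?q=%2F%2F",
        "https://evil.example/",
        "//evil.example",
        "/\\evil.example",
        "%2F%2Fevil.example",
        "javascript:alert(1)",
        "/orders%0d%0aSet-Cookie:x=1",
        "",
    ]
    for s in samples:
        print(f"{s!r:40} -> {login_redirect_target({'returnUrl': s})!r}")
```

The check deliberately returns a fixed default rather than raising an error: a rejected 'returnUrl' should degrade to the normal post-login page, not break the login flow. If the application genuinely needs to redirect to other hosts (for example a separate storefront domain), compare the parsed host against an explicit allowlist instead of loosening these rules.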

Added: May 8, 2026, 12:22 PM
Updated: May 8, 2026, 12:22 PM

Vulnerability Rating (Custom Algorithm)

  spread          0.0
  impact          0.2
  exploitability  6.2
  remediation     0.0
  relevance       7.8
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.