LORIS Open Redirect Vulnerability in Login Redirect Parameter

Vulnerability

An open redirect vulnerability has been identified in LORIS (Longitudinal Online Research and Imaging System) versions prior to 27.0.3 and 28.0.0. The issue arises because the application did not properly validate the redirect parameter during the login process. As a result, a login link carrying a redirect parameter that points to a third-party site could be used to trick users into visiting arbitrary URLs.

Impact

Exploitation of this vulnerability could allow users to be redirected to malicious sites.

Remediation

Users can upgrade to LORIS version 27.0.3 or 28.0.1 and above to address this vulnerability.
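
The kind of check whose absence the advisory describes, shown as an added example: this is not LORIS code and not the project's actual fix. The function name, the fallback path and the origin `https://loris.example.org` are assumptions made for illustration. It accepts only site-relative targets and confirms the result by parsing the value the way a browser would.

```javascript
// Added example (hypothetical names; not taken from LORIS).
// APP_ORIGIN is a constructed placeholder for the deployment's own origin.
const APP_ORIGIN = 'https://loris.example.org';

// Return a same-origin path to redirect to after login, or `fallback`
// when the supplied value could send the browser anywhere else.
function safeRedirectTarget(raw, fallback = '/') {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;

  // Browsers strip tabs/newlines and treat "\" like "/" in http(s) URLs,
  // so "/\host" or "/<TAB>/host" can end up as "//host". Refuse them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;

  // Only a single leading slash is a site-relative path; "//host" is
  // protocol-relative and "scheme:..." is absolute.
  if (!raw.startsWith('/') || raw.startsWith('//')) return fallback;

  let url;
  try {
    url = new URL(raw, APP_ORIGIN); // WHATWG parser, same rules as a browser
  } catch {
    return fallback;
  }
  // Defence in depth: whatever the string looked like, the resolved
  // origin must be our own.
  if (url.origin !== APP_ORIGIN) return fallback;

  // Rebuild from parsed components so only path, query and fragment survive.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs for a quick manual run.
const samples = [
  '/dashboard/?candID=1#tab',   // legitimate in-app target
  'https://attacker.example/',  // absolute URL
  '//attacker.example/login',   // protocol-relative URL
  '/\\attacker.example',        // backslash variant
  '/\t/attacker.example',       // tab stripped by URL parsers
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeRedirectTarget(s));
}
```
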

Added: Apr 9, 2026, 7:11 PM
Updated: Apr 9, 2026, 7:11 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.2
exploitability: 6.9
remediation: 0.0
relevance: 5.5
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.