CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-21998

In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.8%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 5.8

References

https://cxsecurity.com/issue/WLB-2019120132
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5559.php
https://cxsecurity.com/issue/WLB-2019120132
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5559.php

Products affected by CVE-2020-21998

Homeautomation Project » Homeautomation » Version: 3.3.2

cpe:2.3:a:homeautomation_project:homeautomation:3.3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-21998

Products

Pricing

Contact Us