Vulnerability Details CVE-2022-45169
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.8%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2022-45169
-
cpe:2.3:a:liveboxcloud:vdesk:-
-
cpe:2.3:a:liveboxcloud:vdesk:018
-
cpe:2.3:a:liveboxcloud:vdesk:031