An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Volo.Abp.Account.Web(NuGet) | 5.1.0 | 10.0.0-rc.2 | N/A |
CVSS Metrics
