Reflected XSS Vulnerability in Umbrel Home Server OS
CVE-2024-49379
Key Information:
- Vendor
Umbrel
- Status
- Vendor
- CVE Published:
- 13 November 2024
Badges
What is CVE-2024-49379?
The Umbrel Home Server OS prior to version 1.2.2 is susceptible to a reflected cross-site scripting vulnerability found in the login functionality. An attacker can exploit this weakness by crafting a malicious redirect query parameter, resulting in the execution of arbitrary JavaScript code. This occurs once the user enters their credentials and submits the login form, potentially leading to unauthorized access and compromise of user information. Users are advised to upgrade to version 1.2.2 to mitigate this risk.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.