{
  "id": "CVE-2024-25559",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2024-02-15T05:15:10.870",
  "lastModified": "2024-02-15T06:23:39.303",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de suplantaci\u00f3n de URL en a-blog cms Ver.3.1.0 a Ver.3.1.8. Si un atacante env\u00eda una solicitud especialmente manipulada, el administrador del producto puede verse obligado a acceder a un sitio web arbitrario al hacer clic en un enlace del registro de auditor\u00eda."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://developer.a-blogcms.jp/blog/news/JVN-48966481.html",
      "source": "vultures@jpcert.or.jp"
    },
    {
      "url": "https://jvn.jp/en/jp/JVN48966481/",
      "source": "vultures@jpcert.or.jp"
    }
  ]
}