CVE-2025-64115

Sažetak

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and facilitate phishing. This vulnerability is fixed in 0.69.0.

Reference

https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f
https://github.com/leepeuker/movary/pull/713
https://github.com/leepeuker/movary/security/advisories/GHSA-pm58-79jw-q79f

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

30-10-2025 - 18:15

Objavljeno

30-10-2025 - 18:15