CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-42671: A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious...

Description

A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious website, leading to potential credential theft, malware distribution, or other malicious activities.

Classification

CVE ID: CVE-2024-42671

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-03-01 (when was this score calculated)

References

https://github.com/abbisQQ/Appointment-Scheduler-Host-Header-Poisoning-Open-Redirect/blob/main/README.md
https://github.com/slabiak/AppointmentScheduler/issues/53

Timeline

2025-02-01 00:30:28 UTC
CVE

A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious...