Unknown · Blitz Panel · CVE-2025-60935
**Name of the Vulnerable Software and Affected Versions**
Blitz Panel version 1.17.0
**Description**
An open redirect issue exists in the login functionality of Blitz Panel. The issue is located in the `/login` endpoint and involves the `next url` parameter. Successful exploitation could allow an attacker to redirect a user to a malicious domain, potentially leading to phishing or token theft after authentication.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting or validating the `next url` parameter in the `/login` endpoint to prevent redirection to untrusted domains.
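One way to apply the validation workaround on the server side, as an added example that is not Blitz Panel's code or its official fix. The function name, the allowed host `panel.example.com` and the fallback path `/` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the origin(s) the panel is served from. Placeholder, not from the advisory.
ALLOWED_HOSTS = {"panel.example.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(next_url, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return next_url only if it stays on this site; otherwise return the default path."""
    if not isinstance(next_url, str) or not next_url:
        return default
    # Browsers drop tabs/newlines and treat "\" like "/" in http(s) URLs,
    # so whitespace, control characters and backslashes are rejected up front.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F or ch == "\\" for ch in next_url):
        return default
    try:
        parts = urlsplit(next_url)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        # "//host/..." and "///host" are refused because browsers may
        # resolve them as scheme-relative URLs pointing at another host.
        if next_url.startswith("/") and not next_url.startswith("//"):
            return next_url
        return default
    # Absolute URL: http(s) only, and the whole authority must match exactly.
    # Comparing netloc (not just hostname) also refuses userinfo tricks
    # such as "allowed-host@other-host" and unexpected ports.
    if parts.scheme in ("http", "https") and parts.netloc.lower() in allowed_hosts:
        return next_url
    return default


# Constructed sample values for the redirect parameter (not taken from the advisory).
SAMPLES = [
    "/dashboard?tab=users",
    "https://panel.example.com/settings",
    "https://untrusted.example/login",
    "//untrusted.example/login",
    "https://panel.example.com@untrusted.example/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:50} -> {safe_redirect_target(value)!r}")
```

The login handler would pass the user-supplied value through this function before issuing the post-authentication redirect, so anything that does not resolve to the panel's own origin falls back to the default page.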