CVE-2024-55452

Name of the Vulnerable Software and Affected Versions UJCMS version 9.6.3

Description A URL redirection vulnerability exists in UJCMS due to improper validation of URLs in the upload and rendering of new block/carousel items. This issue allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage.

Recommendations For UJCMS version 9.6.3, as a temporary workaround, consider disabling the upload and rendering of new block/carousel items until a patch is available. Restrict access to the block/carousel feature to minimize the risk of exploitation. Avoid using the vulnerable URL redirection functionality in the affected UJCMS version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.