Refine your search
4 vulnerabilities found for movary by leepeuker
CVE-2025-64116 (GCVE-0-2025-64116)
Vulnerability from nvd
Published
2025-10-30 17:32
Modified
2025-10-31 16:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64116",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T16:49:13.851704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T16:50:03.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "movary",
"vendor": "leepeuker",
"versions": [
{
"status": "affected",
"version": "\u003c 0.69.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T17:32:41.434Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g"
},
{
"name": "https://github.com/leepeuker/movary/pull/713",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/leepeuker/movary/pull/713"
},
{
"name": "https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f"
}
],
"source": {
"advisory": "GHSA-7q72-x26x-7f8g",
"discovery": "UNKNOWN"
},
"title": "Movary vulnerable to an open redirect"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64116",
"datePublished": "2025-10-30T17:32:41.434Z",
"dateReserved": "2025-10-27T15:26:14.128Z",
"dateUpdated": "2025-10-31T16:50:03.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64115 (GCVE-0-2025-64115)
Vulnerability from nvd
Published
2025-10-30 17:39
Modified
2025-10-30 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and facilitate phishing. This vulnerability is fixed in 0.69.0.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T19:06:07.748228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:06:23.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "movary",
"vendor": "leepeuker",
"versions": [
{
"status": "affected",
"version": "\u003c 0.69.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and facilitate phishing. This vulnerability is fixed in 0.69.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T17:39:19.330Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/leepeuker/movary/security/advisories/GHSA-pm58-79jw-q79f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/leepeuker/movary/security/advisories/GHSA-pm58-79jw-q79f"
},
{
"name": "https://github.com/leepeuker/movary/pull/713",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/leepeuker/movary/pull/713"
},
{
"name": "https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f"
}
],
"source": {
"advisory": "GHSA-pm58-79jw-q79f",
"discovery": "UNKNOWN"
},
"title": "Movary unvalidated Referer header allows open redirect and phishing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64115",
"datePublished": "2025-10-30T17:39:19.330Z",
"dateReserved": "2025-10-27T15:26:14.128Z",
"dateUpdated": "2025-10-30T19:06:23.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64115 (GCVE-0-2025-64115)
Vulnerability from cvelistv5
Published
2025-10-30 17:39
Modified
2025-10-30 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and facilitate phishing. This vulnerability is fixed in 0.69.0.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T19:06:07.748228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:06:23.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "movary",
"vendor": "leepeuker",
"versions": [
{
"status": "affected",
"version": "\u003c 0.69.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and facilitate phishing. This vulnerability is fixed in 0.69.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T17:39:19.330Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/leepeuker/movary/security/advisories/GHSA-pm58-79jw-q79f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/leepeuker/movary/security/advisories/GHSA-pm58-79jw-q79f"
},
{
"name": "https://github.com/leepeuker/movary/pull/713",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/leepeuker/movary/pull/713"
},
{
"name": "https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f"
}
],
"source": {
"advisory": "GHSA-pm58-79jw-q79f",
"discovery": "UNKNOWN"
},
"title": "Movary unvalidated Referer header allows open redirect and phishing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64115",
"datePublished": "2025-10-30T17:39:19.330Z",
"dateReserved": "2025-10-27T15:26:14.128Z",
"dateUpdated": "2025-10-30T19:06:23.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64116 (GCVE-0-2025-64116)
Vulnerability from cvelistv5
Published
2025-10-30 17:32
Modified
2025-10-31 16:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64116",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T16:49:13.851704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T16:50:03.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "movary",
"vendor": "leepeuker",
"versions": [
{
"status": "affected",
"version": "\u003c 0.69.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T17:32:41.434Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g"
},
{
"name": "https://github.com/leepeuker/movary/pull/713",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/leepeuker/movary/pull/713"
},
{
"name": "https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f"
}
],
"source": {
"advisory": "GHSA-7q72-x26x-7f8g",
"discovery": "UNKNOWN"
},
"title": "Movary vulnerable to an open redirect"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64116",
"datePublished": "2025-10-30T17:32:41.434Z",
"dateReserved": "2025-10-27T15:26:14.128Z",
"dateUpdated": "2025-10-31T16:50:03.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}