{"vulnerability": "CVE-2025-40846", "sightings": [{"uuid": "5832f3f3-139c-47c1-a499-f23239a1dcdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40846", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15506", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40846\n\ud83d\udd25 CVSS Score: 7.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/RE:L/U:Red)\n\ud83d\udd39 Description: Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and\u00a0inject JavaScript code to perform cross site scripting attack.\n\nThe vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21\n\ud83d\udccf Published: 2025-05-08T08:15:06.510Z\n\ud83d\udccf Modified: 2025-05-08T08:15:06.510Z\n\ud83d\udd17 References:\n1. https://support.haloservicedesk.com/kb?id=2501", "creation_timestamp": "2025-05-08T09:23:47.000000Z"}, {"uuid": "3b49fc48-4c47-45f3-8e10-246a990e8366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40846", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lonnt2m4bdj2", "content": "", "creation_timestamp": "2025-05-08T11:29:11.867210Z"}, {"uuid": "5700d72d-79b3-459d-8ff1-33059e972bfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40846", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lonw6awimm24", "content": "", "creation_timestamp": "2025-05-08T12:31:47.261615Z"}, {"uuid": "0f8b06e7-10d7-4058-b80c-5087c62f8581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40846", "type": "seen", "source": "https://t.me/cvedetector/24815", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-40846 - Halo Open Redirect and Cross Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-40846 \nPublished : May 8, 2025, 9:15 a.m. | 2\u00a0hours, 3\u00a0minutes ago \nDescription : Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and\u00a0inject JavaScript code to perform cross site scripting attack.  \n  \nThe vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T13:26:03.000000Z"}, {"uuid": "d57ca3c0-34bf-4b92-845b-6041b92cd106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40846", "type": "seen", "source": "Telegram/jHnWvNabCg5nBq0cGNPWlFRtdOm-OMSm2hC1QiZZeG_Nzo4", "content": "", "creation_timestamp": "2025-05-08T11:30:59.000000Z"}]}