CVE-2025-64116
Published: Oct 30, 2025
Modified: Oct 31, 2025
PUBLISHED
Description
Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0.
| Vendor | Product | Versions |
|---|---|---|
| leepeuker | movary | affected < 0.69.0 |
Weaknesses (CWE)
References
https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g
x_refsource_CONFIRM
https://github.com/leepeuker/movary/pull/713
x_refsource_MISC