Description
In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f
Exploit, Third Party Advisory x_refsource_misc
https://www.mend.io/vulnerability-database/CVE-2022-23078
Scores
EPSS
0.0108
EPSS Percentile
60.9%
Details
CWE
CWE-601
Status
published
Products (1)
habitica/habitica
4.119.0 - 4.233.0
Published
Jun 22, 2022
Tracked Since
Feb 18, 2026