CNNVD-202511-809 Information

CNNVD ID

CNNVD-202511-809

CVE-2025-63784

  • CNNVD Published: 2025-11-07

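Description (translated from Chinese)

Onlook is an open-source visual source-code editing tool developed by Onlook. Onlook version 0.2.32 has a security vulnerability that stems from the X-Forwarded-Host header value not being correctly validated, which may lead to redirection to an arbitrary external website.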

Description (English)

Onlook is an open-source tool from Onlook for visually editing source code. Onlook version 0.2.32 contains a security vulnerability caused by improper validation of X-Forwarded-Host header values, which may lead to a redirect to an arbitrary external website.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Onlook

Published

2025-11-07

Last Modified

2026-02-24

References

https://blog.soohyun.tech/CVE-2025-63784-Open-Redirect-in-Onlook-27e557175d2e80ac8641fab59dc36021

https://tossbank.notion.site/Open-Redirect-in-onlook-27e557175d2e80ac8641fab59dc36021
