CNNVD-202512-4311 Information

CNNVD ID

CNNVD-202512-4311

CVE-2025-60935

  • CNNVD Published: 2025-12-24

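Description (translated from Chinese)

Blitz Panel is a comprehensive management panel for a proxy server, by the individual developer Whispering Wind. Blitz Panel version 1.17.0 has a security vulnerability that stems from an open redirect in the next_url parameter of the login endpoint, which may lead to phishing attacks or token theft.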

Description (English)

Blitz Panel is an integrated management panel for a proxy server, developed by the individual developer Whispering Wind. Version 1.17.0 of Blitz Panel contains a security vulnerability: the next_url parameter of the login endpoint allows an open redirect, which may lead to phishing attacks or token theft.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-12-24

Last Modified

2026-02-24

References

  • https://gist.github.com/HEXER365/2e866b47d56585e1e59e7c16bf4b4db7
  • https://github.com/ReturnFI/Blitz
  • https://access.redhat.com/security/cve/cve-2025-60935

Patch

https://github.com/ReturnFI/Blitz/releases
