CVE-2024-41810

Published: Jul 29, 2024
Updated: May 4, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-41810" target="_blank" rel="noopener"> CVE-2024-41810
GHSA: <a href="https://github.com/advisories/GHSA-cf56-g6w6-pqq2" target="_blank" rel="noopener"> GHSA-cf56-g6w6-pqq2
Severity: Medium
Exploit:

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.