CVEFinder.io

CVE-2024-41810

🔶 medium
🔍 Scan for this CVE
Summary

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.

CVSS Score
6.1
Medium
EPSS Score
68.2
Exploit Probability
Published Date
2024-07-29
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 38.9% of all 328,009 vulnerabilities in our database.

#200,536
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jul 29, 2024
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2025-11-03
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-79 CWE-80

📦 Affected Products 1

Vendor Product Status Affected Versions
twisted twisted Affected
≤ 24.3.0

💣 Public Exploits 1 PRO

Loading exploit information...

🔗 References 3

https://github.com/twisted/twisted/commit/046a164f89...
Patch
https://github.com/twisted/twisted/security/advisori...
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/11...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-42304 ⚠️ high 7.5 0.0 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.n... 2026-05-13
CVE-2023-46137 🔶 medium 5.3 0.6 Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP r... 2023-10-25
CVE-2022-39348 🔶 medium 5.4 1.2 Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not... 2022-10-26
CVE-2022-24801 ⚠️ high 8.1 1.2 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the T... 2022-04-04
CVE-2022-21716 ⚠️ high 7.5 1.0 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH clie... 2022-03-03
CVE-2022-21712 ⚠️ high 7.5 0.2 twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authori... 2022-02-07
These CVEs affect the same products