OnboardLite is the result of the Influx Initiative, our vision for an improved student organization lifecycle at the University of Central Florida. An attacker can craft a link to the trusted application that, when visited, redirects the user to a malicious external site. This enables phishing, credential theft, malware delivery, and trust abuse. Any version with commit hash 6cca19e or later implements jwt signing for the redirect url parameter.
https://github.com/HackUCF/OnboardLite/security/advisories/GHSA-p8c5-qp4c-qr2m
https://github.com/HackUCF/OnboardLite/commit/6cca19ea4f47af125caa08ef82594844f039e07e
Published: 2025-08-20
Updated: 2026-04-15
Base Score: 5.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
Severity: Medium
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: Medium
Base Score: 5.1
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Severity: Medium
EPSS: 0.00041