Page Replica
The /sitemap endpoint of Page-Replica improperly validates the url parameter in the sitemap.fetch function, enabling server-side request forgery (SSRF) attacks by authenticated users. An attacker with login credentials can craft malicious requests to make the vulnerable server fetch arbitrary internal or external resources, potentially exposing sensitive data or facilitating lateral movement. The product follows a rolling release model, and the vulnerability affects all versions up to commit e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. Exploit code is publicly available and the EPSS score indicates an elevated exploitation probability. The vendor has not responded to early disclosure.