habitica CVE Vulnerabilities & CVE List (5)

Products (CPE): — CVEs: 5

habitica vulnerability overview

Aggregates CVE and security vulnerability intelligence across all habitica-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

The disclosed issues in Habitica are mainly cross-site scripting and open redirect flaws, with potential impact including session or account compromise when a victim follows a crafted link.

[Chart: Vulnerability distribution trend (last 24 months); chart data not recovered]

CVE list (fields: Summary, Source, Max CVSS, EPSS %, Published, Updated)

CVE-2024-53274
Summary: Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability. Arbitrary JavaScript can be executed by the attacker in the context of the victim's session. Version 5.28.5 contains a patch.
Source: [email protected]
Max CVSS: 2.0
EPSS: 0.44%
Published: 2024-12-11
Updated: 2026-06-17

CVE-2024-53273
Summary: Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim's account when the victim registers or logs in with a specially crafted link. Version 5.28.5 contains a patch.
Source: [email protected]
Max CVSS: 5.0
EPSS: 0.44%
Published: 2024-12-11
Updated: 2026-06-17

CVE-2024-53272
Summary: Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` functions in `RegisterLoginReset.vue` contain two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim's account when the victim registers or logs in with a specially crafted link. Version 5.28.5 contains a patch.
Source: [email protected]
Max CVSS: 5.0
EPSS: 0.44%
Published: 2024-12-11
Updated: 2026-06-17

CVE-2022-23078
Summary: Habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.
Source: [email protected]
Max CVSS: 5.8
EPSS: 1.08%
Published: 2022-06-22
Updated: 2026-06-17

CVE-2022-23077
Summary: Habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.
Source: [email protected]
Max CVSS: 6.1
EPSS: 0.65%
Published: 2022-06-22
Updated: 2026-06-17
cvelogic Threat Intelligence