The tomlister Payflex Payment Gateway up to version 2.6.1 contains a URL redirection to untrusted site vulnerability (CVE-2024-47646). This open redirect flaw allows attackers to manipulate URLs to redirect users to potentially malicious external websites. The vulnerability is remotely exploitable without privileges but requires user interaction. It has a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N), reflecting a medium severity level. No patches or vendor advisories are currently available, and no known exploits have been reported.

Successful exploitation of this vulnerability could lead to users being redirected to malicious sites, potentially facilitating phishing or social engineering attacks. The vulnerability does not directly compromise system confidentiality, integrity, or availability but can be leveraged to deceive users and undermine trust in the payment gateway.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users and administrators should be cautious with URLs related to the Payflex Payment Gateway and avoid clicking on suspicious links. Monitor official tomlister communications for updates on patches or mitigations.