Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dotCMS V5.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL e.g.
http://localhost:8999/html/common/forward_js.jsp?FORWARD_URL=http://www.baidu.com http://localhost:8999/html/portlet/ext/common/page_preview_popup.jsp?hostname=google.com
limit the redirect target
The text was updated successfully, but these errors were encountered:
Thank you for this report. This issue will be resolved in 5.0.2 with the code from this issue: #15274
Sorry, something went wrong.
Please note this issue also affects the 3.x and 4.x versions.
Looking at the commit in #15724 it looks like the chosen solution is to mandate authentication for these urls. Wouldn't that leave logged in users still vulnerable?
No branches or pull requests
Current Behavior
dotCMS V5.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL
e.g.
Possible Solution
limit the redirect target
The text was updated successfully, but these errors were encountered: