header-logo
Suggest Exploit
vendor:
Sitecore CMS
by:
Unknown
5.5
CVSS
MEDIUM
URI Redirection
601
CWE
Product Name: Sitecore CMS
Affected Version From: 6.4.1 rev. 110324
Affected Version To: 6.4.1 rev. 110324
Patch Exists: NO
Related CWE:
CPE: a:sitecore:sitecore_cms:6.4.1
Metasploit:
Other Scripts:
Platforms Tested:
2011

Sitecore CMS URI Redirection Vulnerability

Sitecore CMS is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits may redirect a user to a potentially malicious site; this may aid in phishing attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize and validate user-supplied input before using it in a redirect. Developers should also implement a whitelist of allowed URLs to prevent unauthorized redirections.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48930/info

Sitecore CMS is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

Successful exploits may redirect a user to a potentially malicious site; this may aid in phishing attacks.

Sitecore CMS versions 6.4.1 rev. 110324 and prior are vulnerable. 

http://www.example.com/sitecore/shell/default.aspx?xmlcontrol=Application&url=http://www.example.com&ch=WindowChrome&ic=Applications%2f32x32%2fabout.png&he=About+Sitecore&ma=0&mi=0&re=0