vendor: Sitecore CMS
by: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 601 (URI Redirection)
Product Name: Sitecore CMS
Affected Version From: 6.4.1 rev. 110324
Affected Version To: 6.4.1 rev. 110324
Patch Exists: NO
Related CWE:
CPE: a:sitecore:sitecore_cms:6.4.1
Platforms Tested:
2011
Sitecore CMS URI Redirection Vulnerability
Sitecore CMS is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits may redirect a user to a potentially malicious site; this may aid in phishing attacks.
Mitigation:
To mitigate this vulnerability, it is recommended to properly sanitize and validate user-supplied input before using it in a redirect. Developers should also implement a whitelist of allowed URLs to prevent unauthorized redirections.
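One way to implement the allowlist check described above, as an added example in C# (Sitecore is an ASP.NET application). It is not Sitecore code or a vendor patch; `RedirectGuard`, `SafeTarget`, `IsAllowed` and the hosts in `AllowedHosts` are hypothetical names and values.

```csharp
using System;
using System.Collections.Generic;

// Added example: allowlist check for redirect targets (not Sitecore code).
public static class RedirectGuard
{
    // Hypothetical allowlist; replace with the hosts the site really redirects to.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "www.example.com",
            "login.example.com"
        };

    // Returns the target if it is safe to redirect to, otherwise the fallback.
    public static string SafeTarget(string target, string fallback = "/")
    {
        return IsAllowed(target) ? target : fallback;
    }

    public static bool IsAllowed(string target)
    {
        if (string.IsNullOrWhiteSpace(target)) return false;

        // Browsers strip control characters and treat '\' like '/',
        // so reject both instead of trying to normalise them.
        foreach (char c in target)
        {
            if (char.IsControl(c) || c == '\\') return false;
        }

        // Site-local path: exactly one leading slash.
        // "//host" is protocol-relative and leaves the site, so it is refused.
        if (target[0] == '/')
        {
            return target.Length == 1 || target[1] != '/';
        }

        // Anything else must be an absolute http(s) URL on an allowlisted host.
        // Uri.Host ignores any "user@" prefix, so the check sees the real host.
        Uri uri;
        if (!Uri.TryCreate(target, UriKind.Absolute, out uri)) return false;
        bool web = uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps;
        return web && AllowedHosts.Contains(uri.Host);
    }
}
```

Call `RedirectGuard.SafeTarget(value)` on the user-supplied value immediately before passing it to `Response.Redirect`, so that a rejected target falls back to a fixed local page.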