• info
• discussion
• exploit
• solution
• references

Sitecore CMS 'url' Parameter URI Redirection Vulnerability

Sitecore CMS is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

Successful exploits may redirect a user to a potentially malicious site; this may aid in phishing attacks.

Sitecore CMS versions 6.4.1 rev. 110324 and prior are vulnerable.