Sitecore CMS 'url' Parameter URI Redirection Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

The following example URI is available:

http://www.example.com/sitecore/shell/default.aspx?xmlcontrol=Application&url=http://www.example.com&ch=WindowChrome&ic=Applications%2f32x32%2fabout.png&he=About+Sitecore&ma=0&mi=0&re=0
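
As an added detection example (not part of the original advisory or of Sitecore), the following script flags logged requests to the path shown above whose 'url' parameter names a host outside a trusted set. The function names, the trusted-host set, the common-log-format assumption and the sample log lines are all constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

SHELL_PATH = "/sitecore/shell/default.aspx"   # path from the advisory's example URI

def offsite_redirect_target(request_uri, trusted_hosts):
    """Return the untrusted host named by the 'url' parameter, or None."""
    parts = urlsplit(request_uri)
    if parts.path.lower() != SHELL_PATH:
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "url":             # treat the parameter name case-insensitively
            continue
        try:
            # Browsers treat "\" as "/", so normalise before parsing.
            target = urlsplit(value.strip().replace("\\", "/"))
        except ValueError:
            return "<unparseable>"            # surface malformed values for review
        host = (target.hostname or "").lower()
        if host and host not in trusted_hosts:  # relative values have no host
            return host
    return None

def scan_access_log(lines, trusted_hosts):
    """Return (client_ip, untrusted_host) pairs for common-log-format lines."""
    hits = []
    for line in lines:
        try:
            uri = line.split('"')[1].split(" ")[1]  # 'GET <uri> HTTP/1.1'
        except IndexError:
            continue                                # malformed line, skip
        host = offsite_redirect_target(uri, trusted_hosts)
        if host:
            hits.append((line.split(" ", 1)[0], host))
    return hits

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] "GET /sitecore/shell/default.aspx?xmlcontrol=Application&url=http://www.example.com&ch=WindowChrome HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /sitecore/shell/default.aspx?xmlcontrol=Application&url=http%3A%2F%2Foffsite.example.net%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2010:10:00:09 +0000] "GET /sitecore/shell/default.aspx?xmlcontrol=Application&URL=//offsite.example.org/x HTTP/1.1" 200 512',
    '203.0.113.8 - - [01/Jan/2010:10:00:12 +0000] "GET /sitecore/shell/default.aspx?xmlcontrol=Application&url=/sitecore/shell/about.aspx HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, host in scan_access_log(SAMPLE_LOG, {"www.example.com"}):
        print(f"{ip} requested a redirect to untrusted host {host}")
```

The same host comparison can serve as a server-side allowlist check before the 'url' value is used as a redirect target.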


 

Copyright 2010, SecurityFocus