Description
Open redirect vulnerability in AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS." The resource parameter normally carries the path the user is returned to after a successful login; because the servlet did not restrict it to a location inside the application, a crafted login link could send a user who had just entered valid credentials to an attacker-controlled site.
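The following is an added illustration of the bug class, not code from Apache Sling or from the fix referenced below: a post-login redirect that forwards the resource parameter unchanged, beside a check that only accepts an absolute path inside the application's own context path. The class and method names are invented and the sample inputs are constructed for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Added example (not Apache Sling code): an unchecked post-login redirect
 * target next to a context-local validation of the same parameter.
 */
public final class ResourceRedirectExample {

    private ResourceRedirectExample() { }

    /** Vulnerable pattern: the request parameter becomes the Location header as-is. */
    static String vulnerableRedirectTarget(String contextPath, String resourceParam) {
        return (resourceParam == null || resourceParam.isEmpty())
                ? contextPath + "/" : resourceParam;
    }

    /**
     * Hardened pattern: accept only an absolute path that stays inside contextPath.
     * Returns the normalised target, or null when the value must be refused and the
     * caller should fall back to a fixed default such as contextPath + "/".
     */
    static String localRedirectTarget(String contextPath, String target) {
        if (target == null || target.isEmpty()) {
            return null;
        }
        // Control characters (CR/LF in particular) could split the response headers.
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return null;
            }
        }
        // "//host/..." is a network-path reference and "/\host/..." is normalised
        // to the same thing by some browsers; both leave the site. Anything not
        // starting with "/" (http://..., javascript:...) is not a local path either.
        if (!target.startsWith("/") || target.startsWith("//") || target.startsWith("/\\")) {
            return null;
        }
        final URI uri;
        try {
            uri = new URI(target).normalize();
        } catch (URISyntaxException e) {
            return null; // malformed input (e.g. unencoded spaces) is refused, not repaired
        }
        // A scheme or authority means the value is not a plain path on this host.
        if (uri.getScheme() != null || uri.getRawAuthority() != null) {
            return null;
        }
        // After normalisation "/ctx/../admin" is "/admin": keep only paths still
        // inside the context path (contextPath is "" for an application at the root).
        final String path = uri.getPath();
        if (path == null || !(path.equals(contextPath) || path.startsWith(contextPath + "/"))) {
            return null;
        }
        StringBuilder result = new StringBuilder(uri.getRawPath());
        if (uri.getRawQuery() != null) {
            result.append('?').append(uri.getRawQuery());
        }
        if (uri.getRawFragment() != null) {
            result.append('#').append(uri.getRawFragment());
        }
        return result.toString();
    }

    public static void main(String[] args) {
        final String ctx = "/ctx";
        // Constructed sample values for the resource parameter.
        final String[] samples = {
            "/ctx/content/page.html",
            "/ctx/content/page.html?tab=2",
            "http://attacker.example/login",
            "//attacker.example/login",
            "/\\attacker.example/login",
            "/ctx/../other/page.html",
            "/ctx/a\r\nSet-Cookie: x=y",
        };
        for (String s : samples) {
            String shown = s.replace("\r", "\\r").replace("\n", "\\n");
            System.out.println("resource   = " + shown);
            System.out.println("  unchecked -> " + vulnerableRedirectTarget(ctx, s));
            System.out.println("  checked   -> " + localRedirectTarget(ctx, s));
        }
    }
}
```

Only the first two samples survive the check; the external, protocol-relative, backslash, traversal and header-injection forms all return null, so the servlet should redirect to its fixed default rather than to the supplied value.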
Remediation
Upgrade the Auth Core bundle (org.apache.sling.auth.core) to version 1.1.4 or later, which no longer redirects to an arbitrary URL supplied in the resource parameter (see SLING-3141 below). Until the upgrade is deployed, any custom login form should only pass context-local paths in the resource parameter.
References
https://issues.apache.org/jira/browse/SLING-3141
http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E
http://www.securityfocus.com/bid/63241
http://secunia.com/advisories/55249