Description
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
Remediation
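The defensive check a login form servlet needs before honouring a post-login redirect target such as the `resource` parameter, as an added example: this is a hypothetical helper, not Apache Sling's code or its actual fix. It accepts only paths local to the server and falls back to `/` for anything carrying a scheme or authority, including scheme-relative `//host` and backslash variants.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Hypothetical helper (not Apache Sling code) deciding whether a redirect
 * target taken from a request parameter may be followed after login.
 */
public final class RedirectTargetCheck {

    private static final String FALLBACK = "/";

    private RedirectTargetCheck() {}

    /** Returns the target if it is a safe local path, otherwise "/". */
    public static String safeTarget(String target) {
        return isLocalPath(target) ? target : FALLBACK;
    }

    public static boolean isLocalPath(String target) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        // Must be an absolute path on this host: a single leading "/".
        if (target.charAt(0) != '/') {
            return false;
        }
        // "//host" and "/\host" are interpreted by browsers as scheme-relative URLs.
        if (target.length() > 1 && (target.charAt(1) == '/' || target.charAt(1) == '\\')) {
            return false;
        }
        // Reject control characters and whitespace that some URL parsers silently strip.
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c <= 0x20 || c == 0x7f) {
                return false;
            }
        }
        // Let the URI parser confirm there is neither a scheme nor an authority.
        try {
            URI uri = new URI(target);
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one legitimate path, several that must fall back to "/".
        String[] samples = {"/content/home.html", "//attacker.example/x",
                            "/\\attacker.example", "https://attacker.example/", null};
        for (String s : samples) {
            System.out.println(s + " -> " + safeTarget(s));
        }
    }
}
```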
References
https://issues.apache.org/jira/browse/SLING-3141
http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E
http://www.securityfocus.com/bid/63241
http://secunia.com/advisories/55249