Description
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
Remediation
References
http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E
http://secunia.com/advisories/55249
http://www.securityfocus.com/bid/63241
https://issues.apache.org/jira/browse/SLING-3141
Related Vulnerabilities
CVE-2023-25571 Vulnerability in npm package @backstage/catalog-model
CVE-2023-28671 Vulnerability in maven package org.jenkinsci.plugins:octoperf
CVE-2023-30846 Vulnerability in npm package typed-rest-client
CVE-2023-45143 Vulnerability in maven package org.webjars.npm:undici
CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-webapp