Vulnerability
Unvalidated redirection vulnerability in Fuge CMS v1.0
Description
The vulnerability exists in the file https://github.com/fuge/cms/blob/master/src/foo/cms/action/member/RegisterAct.java where application is taking the nextUrl parameter as a user input and passing it without any validation. in next lines this nextUrl parameter is being used for redirection.
CVE-ID
CVE-2023-34917
Vendor
Fuge
Product
CMS v1.0
Disclosure Timeline
Reported On: 06-06-2023
Made Public On:
Fixed On: Not Fixed
Credits
Akshat Singhal