Vulnerability
Unvalidated open redirection Fuge CMS v1.0
Description
The vulnerability exists in the file https://github.com/fuge/cms/blob/master/src/foo/core/action/front/ProcessAct.java where application is taking RETURN_URL parameter as a user input and passing it without any validation. in next lines this returnUrl parameter is being used for redirection.
CVE-ID
CVE-2023-34916
Vendor
Fuge
Product
CMS v1.0
Disclosure Timeline
Reported On: 06-06-2023
Made Public On:
Fixed On: Not Fixed
Credits
Akshat Singhal