https://connect.hyland.com/t5/alfresco-forum/http-open-redirect-in-parameter-quot-failure-quot-after-login/m-p/144487#M38351 <P>Since 5.2 is not a supported version any more, please upgrade to version 6.2 or later.</P> <P>Additional details on this vulnerability are available in <A href="https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community" target="_blank" rel="nofollow noopener noreferrer">https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community</A></P> Mon, 27 Mar 2023 07:53:33 GMT angelborroy 2023-03-27T07:53:33Z https://connect.hyland.com/t5/alfresco-forum/http-open-redirect-in-parameter-quot-failure-quot-after-login/m-p/144486#M38350 <P>An open redirect vulnerability occurs when an application allows a user to control a redirect or forward to another URL. If the app does not validate untrusted user input, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s phishing site.</P><P>Penetration tester found that Alfresco CMS affected by CVE-2019-14223. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website.</P><P>With this vulnerability, attacker may able to redirect victim to external malicious site. In more sophisticated attacks, attacker also able to set up phishing pages or hosted malicious javascript to be executed on victim browser on the site.</P> Mon, 27 Mar 2023 03:12:50 GMT https://connect.hyland.com/t5/alfresco-forum/http-open-redirect-in-parameter-quot-failure-quot-after-login/m-p/144486#M38350 leochan168 2023-03-27T03:12:50Z https://connect.hyland.com/t5/alfresco-forum/http-open-redirect-in-parameter-quot-failure-quot-after-login/m-p/144487#M38351 <P>Since 5.2 is not a supported version any more, please upgrade to version 6.2 or later.</P> <P>Additional details on this vulnerability are available in <A href="https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community" target="_blank" rel="nofollow noopener noreferrer">https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community</A></P> Mon, 27 Mar 2023 07:53:33 GMT https://connect.hyland.com/t5/alfresco-forum/http-open-redirect-in-parameter-quot-failure-quot-after-login/m-p/144487#M38351 angelborroy 2023-03-27T07:53:33Z