03-26-2023 11:12 PM
An open redirect vulnerability occurs when an application allows a user to control a redirect or forward to another URL. If the app does not validate untrusted user input, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s phishing site.
A penetration tester found that Alfresco CMS is affected by CVE-2019-14223. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website.
With this vulnerability, an attacker may be able to redirect a victim to an external malicious site. In more sophisticated attacks, the attacker may also be able to set up phishing pages or host malicious JavaScript to be executed in the victim's browser on the site.
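The post above describes the vulnerability class in general terms. The following is an added example, not Alfresco code and not from the original poster: a Python validator for a user-supplied redirect target that shows the weak pattern (echoing the parameter into the Location header) next to an allow-list check that also rejects the usual bypass shapes (scheme-relative `//host`, backslashes, embedded userinfo, `https:host` without slashes, non-http schemes, and CRLF/whitespace). The application origin and the allow-listed hosts are assumed values for the example.

```python
"""Allow-list validation of a redirect target (added example, not Alfresco code)."""
from urllib.parse import urlsplit, urljoin

# Assumed values for this example: the origin the application is served from
# and the hosts a redirect may legitimately point at.
APP_ORIGIN = "https://share.example.com"
ALLOWED_HOSTS = {"share.example.com", "docs.example.com"}
DEFAULT_TARGET = "/"


def vulnerable_redirect(target: str) -> str:
    """The weak pattern: whatever the client sent becomes the Location header."""
    return target


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return an absolute URL that is safe to put in a Location header, or
    `default` if `target` cannot be shown to stay inside the application.

    Accepted forms:
      1. a relative path starting with a single "/" (e.g. "/share/page?x=1"),
         which is resolved against APP_ORIGIN before it is returned;
      2. an absolute http(s) URL whose netloc is exactly an allow-listed host.
    Anything else falls back to `default`.
    """
    if not isinstance(target, str) or not target:
        return default

    # Browsers drop ASCII tab/newline while parsing and treat "\" like "/", and a
    # CR/LF in the value would split the response header. Reject all of these.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F or ch == "\\"
           for ch in target):
        return default

    parts = urlsplit(target)

    # Case 1: relative path. "//evil.com" is scheme-relative, and a browser also
    # skips extra leading slashes, so "////evil.com" (which urlsplit reports with
    # an empty netloc) would land on evil.com too. Require exactly one leading "/".
    if not parts.scheme and not parts.netloc:
        if target.startswith("/") and not target.startswith("//"):
            return urljoin(APP_ORIGIN, target)
        return default  # "evil.com", "%2F%2Fevil.com", etc.: not an app path

    # Case 2: absolute URL. The netloc still carries userinfo and port, so an
    # exact match rejects "https://share.example.com@evil.com/",
    # "https://share.example.com.evil.com/" and non-default ports alike.
    if parts.scheme.lower() in ("http", "https") and parts.netloc.lower() in allowed_hosts:
        return target

    # "javascript:", "data:", "https:evil.com" (scheme without "//"), unknown hosts
    return default


if __name__ == "__main__":
    # Constructed sample inputs, as a pen tester would submit them.
    for candidate in ["/share/page?x=1", "//evil.com/", "////evil.com",
                      "https://share.example.com@evil.com/", "javascript:alert(1)"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)}")
```

A real fix belongs in the server-side handler that issues the redirect; the point of the check is that the target is rebuilt from a known origin or matched exactly against a short allow-list, never pattern-matched with `startswith` or a substring test, which is where most open-redirect bypasses come from.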
03-27-2023 03:53 AM
Since 5.2 is not a supported version any more, please upgrade to version 6.2 or later.
Additional details on this vulnerability are available in https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfre...