Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-19994

Redirect parameter xredirect in login/logout can link to external site

    XMLWordPrintable

Details

    • Unknown
    • N/A

    Description

      The login and logout parameter xredirect can link to external sites. For example:

      /bin/login/XWiki/XWikiLogin?xredirect=//www.softscheck.com/de
/bin/logout/XWiki/XWikiLogout?xredirect=//www.softscheck.com/de

      An attack path could be a link in one of the sites that looks like an internal reference but redirects to the attackers site.

       

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-20096 Open Redirect vulnerability discovered in the latest XWiki platform

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-10309 Phishing Through URL Redirection

          • Major - Major loss of function.
          • Closed

          Activity

            People

              surli Simon Urli
              fhafner Fabian Hafner
              Paulos Mesfin, Simpel
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: