[CRM-16832] Open redirect vulnerability in post-form display - CiviCRM Issue Tracker

Details

Type: Bug
Status: Done/Fixed
Priority: Trivial
Resolution: Fixed/Completed
Affects Version/s: 4.6.4
Fix Version/s: 4.4.17, 4.6.7
Component/s: Core CiviCRM
Security Level: Security - Published
Labels:
None

Documentation Required?:
None
Funding Source:
Contributed Code

Description

Insufficient validation of redirect urls.

Identified by Coleman in a public (now deleted) SE post.

Attachments

Activity

People

Assignee:

Chris Burgess

Reporter:

Chris Burgess

Authorized Participants:

Rob Brandt

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2015-07-12 23:31

Updated:

2015-08-21 18:39

Resolved:

2015-08-20 20:50