CiviCRM / CRM-16832

Open redirect vulnerability in post-form display

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Trivial
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.6.4
    • Fix Version/s: 4.4.17, 4.6.7
    • Component/s: Core CiviCRM
    • Security Level: Security - Published
    • Labels: None
    • Documentation Required?: None
    • Funding Source: Contributed Code

      Description

      Insufficient validation of redirect URLs.

      Identified by Coleman in a public (now deleted) SE post.

            People

            • Assignee: xurizaemon Chris Burgess
            • Reporter: xurizaemon Chris Burgess
            • Authorized Participants: Rob Brandt
