Adobe-Consulting-Services / acs-aem-commons

http://adobe-consulting-services.github.io/acs-aem-commons/
Apache License 2.0
453 stars, 600 forks

URL Redirection to Untrusted Site ('Open Redirect') (CWE ID 601) #1127

Closed LambaSwati closed 7 years ago

LambaSwati commented 7 years ago

Description: A web application accepts an untrusted input that specifies a link to an external site, and uses that link to generate a redirect. This enables phishing attacks.

Instances found via Static Scan:

| Flaw Id | Module # | Class | Module Location | Fix By |
| --- | --- | --- | --- | --- |
| 47 | 8 | - | JS files within acsaem-commonscontent-3.9.0.zip /jcr_root/.../clientlibs/js/app.js 59 | 6/5/11 |
| 45 | 12 | - | JS files within acsaem-commonscontent-3.9.0.zip /jcr_root/.../clientlibs/js/app.js 115 | |
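As an added example (not code from acs-aem-commons or from the flagged app.js), the check below is the kind of same-origin guard that resolves a CWE-601 finding on client-side code: any untrusted redirect target is resolved, compared against the page's own origin, and re-emitted as a site-relative path, so the result can never point at an external host. The function name, the origin and the sample inputs are constructed for the illustration.

```javascript
// Added example, not part of acs-aem-commons. Returns a site-relative path
// (path + query + fragment) when `input` stays on `currentOrigin`, else null.
function safeRedirectTarget(input, currentOrigin) {
  if (typeof input !== 'string' || input.length === 0) return null;
  let target;
  try {
    // Relative inputs resolve against our origin; absolute inputs keep their
    // own origin, which is exactly what we need to compare. The WHATWG parser
    // also normalises tricks such as "/\evil.example" to an authority.
    target = new URL(input, currentOrigin);
  } catch (e) {
    return null; // unparseable input is never a redirect target
  }
  // Only http(s) may be followed; this rejects javascript:, data:, vbscript:, ...
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return null;
  // Cross-origin targets (including protocol-relative "//evil.example") are
  // precisely what CWE-601 describes; a scheme downgrade is refused too.
  if (target.origin !== new URL(currentOrigin).origin) return null;
  // Re-emit as a relative URL so the value handed to location can only
  // land on the site itself.
  return target.pathname + target.search + target.hash;
}

// Constructed sample values, as an app might receive them in a "redirect"
// query parameter; the comments state the expected decision.
const CURRENT_ORIGIN = 'https://app.example';
const SAMPLE_INPUTS = [
  '/content/page.html?x=1#top',          // kept: relative, same site
  'https://app.example/content/a',       // kept, rewritten to /content/a
  '//evil.example/x',                    // rejected: protocol-relative, other host
  'javascript:alert(1)',                 // rejected: non-http(s) scheme
  'https://app.example.evil.example/',   // rejected: look-alike host
  '/\\evil.example',                     // rejected: backslash parses as authority
  'http://app.example/',                 // rejected: scheme downgrade
];

for (const input of SAMPLE_INPUTS) {
  console.log(JSON.stringify(input), '->', safeRedirectTarget(input, CURRENT_ORIGIN));
}
```

The point of returning a relative path rather than the validated absolute URL is that later code cannot accidentally re-introduce the host; whatever is written to `location` is always interpreted against the current origin.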

justinedelson commented 7 years ago

That's not how these files work. The location is generated to an internal site.