CVE-2013-4390

Currently unrated

Key Information:

Vendor: Apache
Status: Sling Auth Core Component; Sling
Vendor: CVE Published:; 24 October 2013

Summary

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."

References

https://issues.apache.org/jira/browse/SLING-3141

x_refsource_CONFIRM

http://www.securityfocus.com/bid/63241

vdb-entryx_refsource_BID

http://mail-archives.apache.org/mod_mbox/sling-dev/201310...

mailing-listx_refsource_MLIST

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 24, 2013