Open Redirect Vulnerability in Progress Sitefinity Web Content Management System
CVE-2017-18178
6.1MEDIUM
What is CVE-2017-18178?
An open redirect issue exists in Progress Sitefinity 9.1 wherein an attacker can manipulate the system to send an authentication token to an arbitrary redirection target. This occurs when a specific '%40' syntax is employed in the redirection URL. The vulnerability poses significant risks as it can potentially lead to unauthorized access and expose sensitive information. Users are encouraged to upgrade to Sitefinity 10.1 or later to mitigate the risks associated with this vulnerability.