Multiple open redirect vulnerabilities in Bonita BPM Portal prior to 6.5.3 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
Vulnerable Product |
---|
bonitasoft bonita bpm portal |