When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
acymailing acymailing |