A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an malicious user to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
uninett mod auth mellon |