Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| websitepanel | websitepanel | 1.0.0 |
| websitepanel | websitepanel | 1.1.0 |
| websitepanel | websitepanel | 1.2.0 |
| websitepanel | websitepanel | 1.0.2 |
| websitepanel | websitepanel | 1.1.2 |
| websitepanel | websitepanel | * |
| websitepanel | websitepanel | 1.0.1 |