CVE-2013-4390

EUVD-2022-4301
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
apachesling
*
apachesling_auth_core_component
𝑥
≤ 1.1.2
apachesling_auth_core_component
1.0.2
apachesling_auth_core_component
1.0.4
apachesling_auth_core_component
1.0.6
apachesling_auth_core_component
1.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E
http://secunia.com/advisories/55249
http://www.securityfocus.com/bid/63241
https://issues.apache.org/jira/browse/SLING-3141
http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E
http://secunia.com/advisories/55249
http://www.securityfocus.com/bid/63241
https://issues.apache.org/jira/browse/SLING-3141