Open
Description
There is no validation for the year and month variables between lines 158-160 in default.aspx.cs.
Additionally, these parameters were used to build another variable named "rewrite", and the "rewrite" parameter is being used within a redirection. (Line 183 default.aspx.cs)
It can be used for redirecting the user to a malicious web page.
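One way to validate the two values before they reach the redirect, as an added example that is not code from default.aspx.cs or from the project. The helper name `BuildRewrite`, the `/archive/{year}/{month}/` path shape and the year bounds are assumptions, since the page does not show how "rewrite" is built.

```csharp
using System;
using System.Globalization;

// Added example: hypothetical helper, not code from default.aspx.cs.
public static class ArchiveRedirect
{
    // Returns a site-relative path built only from validated integers,
    // or null when either value is not a plain year/month number.
    public static string BuildRewrite(string year, string month)
    {
        int y, m;
        // NumberStyles.None accepts decimal digits only: no sign, whitespace,
        // separators or any other character can pass.
        if (!int.TryParse(year, NumberStyles.None, CultureInfo.InvariantCulture, out y) ||
            !int.TryParse(month, NumberStyles.None, CultureInfo.InvariantCulture, out m))
            return null;
        if (y < 1900 || y > 2100 || m < 1 || m > 12)   // assumed bounds
            return null;

        // Re-serialize the parsed integers instead of echoing the raw input,
        // so the redirect target is always a fixed local path shape (assumed).
        return string.Format(CultureInfo.InvariantCulture,
                             "/archive/{0:D4}/{1:D2}/", y, m);
    }

    public static void Main()
    {
        // Constructed sample inputs: one valid pair, one out-of-range month,
        // one non-numeric year, one missing value.
        string[][] samples =
        {
            new[] { "2015", "7" },
            new[] { "2015", "13" },
            new[] { "example.invalid", "1" },
            new[] { "2015", null },
        };
        foreach (var s in samples)
        {
            string target = BuildRewrite(s[0], s[1]);
            Console.WriteLine("year={0} month={1} -> {2}",
                s[0] ?? "(null)", s[1] ?? "(null)",
                target ?? "rejected, do not redirect");
        }
    }
}
```

In the page handler, a null result would mean skipping the redirect and rendering the default view or an error instead.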