Submit #574825: kanwangzjm funiture master branch Open Redirectinfo

Titlekanwangzjm funiture master branch Open Redirect
DescriptionIn the project funiture, the endpoint /login.do and /user/login.page lack validation for the redirect URL. The application trusts user-controlled input for redirect targets (HttpServletRequest parameter 'ret') may redirect victims to attacker-controlled domains, facilitating phishing or social engineering attacks. Project Link: https://github.com/kanwangzjm/funiture Affected Version: master branch Affected API: /login.do and /user/login.page Code Location: /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java:32 and /funiture-master/src/main/java/com/app/mvc/acl/controller/UserController.java:25
Source⚠️ https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-01.md
User
 ShenxiuSecurity (UID 84374)
Submission05/10/2025 02:21 (1 Year ago)
Moderation05/16/2025 16:37 (7 days later)
StatusAccepted
VulDB entry309306 [kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b Login LoginServlet.java doPost ret redirect]
Points20

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!