Legrand SMS PowerView Open Redirect Vulnerability
Vulnerability
An open redirect vulnerability has been identified in Legrand SMS PowerView version 1.x. It arises from manipulation of the 'redirect' argument: the application accepts user-controlled input that specifies a link to an external site and then uses that link to redirect users. Remote attackers can use this to send users to external sites, potentially facilitating phishing attacks. The issue is classified as an integrity issue.
Impact
Exploitation of this vulnerability allows for open redirection, where users can be sent to malicious websites, increasing the risk of phishing attacks.
Reproduction
The vulnerability can be reproduced by sending a request to the application with the 'redirect' parameter set to an external URL. The application will then redirect the user to the specified URL, bypassing any security measures that may be in place.
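One way to close this class of bug is to validate the 'redirect' value on the server before issuing the redirect. The following is an added example, not Legrand's code and not part of the original advisory; the function name, the fallback target and the host `powerview.example.internal` are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the application may legitimately redirect to (constructed).
ALLOWED_HOSTS = {"powerview.example.internal"}
DEFAULT_TARGET = "/"  # assumption: safe fallback page


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return value if it is a same-site path or an allow-listed host, else default."""
    if not value:
        return default
    # Browsers drop tabs/newlines and treat "\" like "/", so reject them
    # outright instead of trying to normalise.
    if "\\" in value or any(ord(c) < 0x20 or c == "\x7f" for c in value):
        return default
    value = value.strip()
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a rooted path on this site.
        # A leading "//" is scheme-relative and would leave the site.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default
    # Absolute URL: exact host match only. parts.hostname excludes any
    # userinfo ("user@") and port, and is already lower-cased.
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return value
    return default


if __name__ == "__main__":
    # Constructed sample values for the 'redirect' parameter.
    for sample in ("/dashboard?tab=1",
                   "https://powerview.example.internal/reports",
                   "https://external.example/login",
                   "//external.example/login"):
        print(f"{sample!r:50} -> {safe_redirect_target(sample)!r}")
```

Requests whose 'redirect' value falls back to the default are also worth logging, since they indicate either a broken link or an attempted redirect to an external site.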
