WWBN AVideo Open Redirect Vulnerability in Login Flow

Vulnerability

An open redirect vulnerability has been identified in WWBN AVideo versions prior to 26.0. The issue is in the login flow: view/userLogin.php reflects the user-supplied redirectUri parameter directly into a JavaScript document.location assignment, without adequately validating it and without encoding it for a JavaScript context. This allows an attacker to redirect users to a malicious site after they complete the login process.

Impact

Exploitation of this vulnerability allows for open redirect, where users are sent to an attacker-controlled site, potentially leading to phishing attacks.

Reproduction

To reproduce this vulnerability, send a request to view/userLogin.php with a redirectUri parameter that includes an unvalidated URL, such as //evil.com. The application will reflect this URL into a JavaScript document.location assignment without proper encoding. After the victim interacts with the login popup and closes it, they will be redirected to the attacker-controlled site.

Remediation

Users can update to WWBN AVideo version 26.0 or later, where this vulnerability has been fixed.
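
For code that builds a post-login redirect the same way, the two controls the description finds missing (validating redirectUri and encoding it for a JavaScript context) can look like the following. This is an added example, not AVideo's code or its 26.0 fix; the function names and the https://video.example origin are assumptions.

```javascript
// Added example; helper names and the sample origin are hypothetical.

// Resolve the candidate with the WHATWG URL parser (the rules a browser
// applies when document.location is assigned) and accept it only if it stays
// on the application's own origin. Anything else falls back to the site root.
function safeRedirectTarget(raw, appOrigin) {
  const fallback = new URL("/", appOrigin).href;
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  let resolved;
  try {
    resolved = new URL(raw, appOrigin);
  } catch {
    return fallback; // unparseable input
  }
  // Scheme-relative values such as //evil.com resolve to a foreign origin;
  // schemes such as javascript: report the origin "null". Both fail here.
  if (resolved.origin !== new URL(appOrigin).origin) return fallback;
  // Return the absolute URL, not resolved.pathname: a normalized path can
  // itself start with "//" and would be scheme-relative if emitted alone.
  return resolved.href;
}

// Encode a string as a JavaScript literal that is safe inside an inline
// <script> block: JSON.stringify handles quotes and backslashes, and the
// replace step escapes characters that could close the script element.
function jsLiteral(value) {
  return JSON.stringify(value).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Build the statement the login page would emit.
function renderRedirectScript(raw, appOrigin) {
  return "document.location = " + jsLiteral(safeRedirectTarget(raw, appOrigin)) + ";";
}

// Constructed sample inputs.
for (const raw of ["//evil.com", "/user/profile?tab=1"]) {
  console.log(renderRedirectScript(raw, "https://video.example"));
}
```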

Added: Mar 22, 2026, 5:20 PM
Updated: Mar 22, 2026, 5:20 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.2
exploitability: 7.7
remediation: 7.7
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.