Masa CMS Open Redirect Vulnerability Allowing Phishing and Token Leakage

Vulnerability

An open redirect vulnerability has been identified in Masa CMS versions through 7.5.2. The redirect handling treats any target that begins with a slash as an internal, site-relative path, so a scheme-relative URL of the form //attacker-host/... is accepted as internal even though browsers resolve such a reference against the current scheme and send the user to the attacker's host. Because the redirect target is not validated against the site's own origin before it is used, an attacker can craft a link on the trusted Masa CMS domain that forwards visitors to an external, attacker-controlled site. This can be exploited for phishing and, in authentication flows that carry tokens or other sensitive values in the redirect target, may leak those values to the external site.

Impact

Exploitation allows redirection of users to arbitrary external sites. The practical use is phishing: the victim follows a link whose visible host is the trusted Masa CMS site and lands on an attacker-controlled page. In authentication flows that pass tokens or other sensitive values through the redirect target, those values may be disclosed to the external site as well.

Remediation

Users are advised to upgrade to Masa CMS version 7.2.10, 7.3.15, 7.4.10, or 7.5.3, according to the release branch in use. If an immediate upgrade is not possible, interim mitigations are: disable the forceDirectoryStructure setting, implement a custom filter that sanitizes redirect parameters so that only same-origin paths are accepted, or add Web Application Firewall rules that block requests containing scheme-relative URLs. A WAF rule that matches only a literal leading // is bypassed by percent-encoded or backslash variants unless the rule normalizes the value first, so validation in the application remains the stronger control.
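The following Python is an added example written for this page; it is not Masa CMS code, and the page does not show the vulnerable implementation. It contrasts the kind of slash-prefix check described in the Vulnerability section with a validator that only accepts same-origin paths, and adds a normalizing detection rule of the sort the Web Application Firewall mitigation above would need. Function names, parameter handling and the sample payloads are the editor's constructions.

```python
"""Open-redirect target checks: weak form beside a hardened form (added example)."""
from urllib.parse import urlsplit, unquote


def naive_is_internal(target: str) -> bool:
    """The kind of check the advisory describes: a target that begins with a
    slash is assumed to be a site-relative path. A scheme-relative URL such as
    '//attacker.example/login' satisfies it, yet a browser resolves that
    against the current scheme and leaves the site."""
    return target.startswith("/")


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return `target` only if it is a same-origin path; otherwise `default`.

    Rejects:
      * absolute URLs and anything with an explicit scheme ('https://', 'javascript:')
      * scheme-relative forms: '//host', '///host', and '/\\host' (browsers treat a
        backslash like a forward slash in this position)
      * leading whitespace or control characters, which URL parsers tend to strip
        before interpreting the rest, so they must be refused up front
    """
    if not target:
        return default
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in target):
        return default
    # Normalize backslashes so '/\host' is parsed the way a browser would treat it.
    candidate = target.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:            # e.g. malformed IPv6 bracket syntax
        return default
    if parts.scheme or parts.netloc:
        return default
    # '///host' parses with an empty netloc, so check the raw prefix as well.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate


def looks_scheme_relative(param_value: str) -> bool:
    """Detection rule in the spirit of the WAF mitigation: percent-decode twice
    (to catch double encoding), drop leading whitespace/control characters, and
    flag a value that then begins with two slash-like characters."""
    decoded = unquote(unquote(param_value)).lstrip("\x00\t\n\r ")
    return len(decoded) >= 2 and decoded[0] in "/\\" and decoded[1] in "/\\"


if __name__ == "__main__":
    # Constructed sample redirect values; the parameter name is hypothetical.
    samples = [
        "/admin/?tab=1",
        "//attacker.example/login",
        "///attacker.example",
        "/\\attacker.example",
        "https://attacker.example/",
        "javascript:alert(1)",
        " //attacker.example",
        "%2F%2Fattacker.example",
    ]
    for value in samples:
        print(f"{value!r:32} naive_internal={naive_is_internal(value)!s:5} "
              f"safe_target={safe_redirect_target(value)!r:18} "
              f"waf_flag={looks_scheme_relative(value)}")
```

The naive check accepts every sample that starts with a slash, including the scheme-relative ones; the hardened validator falls back to the default for all of them and passes only the genuine site-relative path. The detection rule operates on the raw parameter value, so it still fires on the percent-encoded form that a literal-match rule would miss.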

Added: May 6, 2026, 9:28 PM
Updated: May 6, 2026, 9:28 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.2
exploitability: 8.3
remediation: 7.9
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.