Horilla HR and CRM Software Open Redirect Vulnerability in Notification Endpoints
Vulnerability
An open redirect vulnerability has been identified in Horilla HR and CRM software version 1.5.0. The flaw is in the notification endpoints, which read a 'next' parameter from the request and redirect to it without checking that the target stays on the application's own host. A crafted link on the trusted Horilla domain can therefore send the user to an arbitrary external site, turning legitimate application links into phishing or social-engineering redirects.
Impact
An attacker can distribute a link whose visible host is the legitimate Horilla instance but whose 'next' parameter points to a site they control. Because the notification endpoints are used by logged-in users (the reproduction requires an authenticated session), the redirect fires after authentication, which makes a fake "session expired, sign in again" page on the attacker's host particularly convincing. The result is credential theft or malware delivery under the cover of a trusted domain.
Reproduction
To reproduce this vulnerability, log into the application, trigger the 'mark-all-as-read' notification endpoint and capture the request in an intercepting proxy such as Burp Suite. Add a 'next' parameter carrying an external URL, for example 'https://evil.com', and forward the request. The response is a redirect whose Location header is the supplied URL, and the browser follows it to the external site, confirming the open redirect. A scheme-relative value such as '//evil.com' is worth testing as well, since checks that only reject an explicit 'http://' or 'https://' prefix still let it through.
Remediation
Users are advised to update to the patched version of Horilla, which validates the 'next' parameter before processing the redirect. The safe pattern for this class of bug is an allowlist, not a blocklist: accept 'next' only when it is a relative path or a URL whose host and scheme match the application's own, and fall back to a fixed in-app page otherwise.
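Horilla is a Django application, and Django ships a helper for exactly this check, django.utils.http.url_has_allowed_host_and_scheme. The block below is an added example, not Horilla's code or its patch: it re-implements the rules that helper applies using only the standard library, so it runs without Django, and places a hypothetical vulnerable 'mark all as read' view next to its hardened form. The view names, the fallback path '/notifications/' and the deployment host 'hr.example.com' are assumptions for illustration; the test inputs cover the plain external URL from the reproduction above plus the scheme-relative, backslash, triple-slash, host-less and control-character variants that naive prefix checks miss.

```python
"""Open-redirect check for a 'next' parameter (added example, not Horilla's code).

Mirrors the rules of Django's django.utils.http.url_has_allowed_host_and_scheme
with the standard library only, so it runs without Django installed.
"""
import unicodedata
from urllib.parse import urlsplit

# Assumed fallback: where the endpoint lands when 'next' is missing or unsafe.
DEFAULT_NEXT = "/notifications/"


def _check_one(url: str, allowed_hosts: set[str], require_https: bool) -> bool:
    # Chrome treats any URL with three leading slashes as absolute.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # "http:///evil.com": scheme but no host; browsers still read evil.com as the host.
    if parts.scheme and not parts.netloc:
        return False
    # Some browsers ignore leading control characters, which can turn
    # "\x00//evil.com" into a scheme-relative URL.
    if unicodedata.category(url[0])[0] == "C":
        return False
    scheme = parts.scheme
    # "//evil.com/..." has a host but no scheme: browsers treat it as http.
    if not parts.scheme and parts.netloc:
        scheme = "http"
    valid_schemes = {"https"} if require_https else {"http", "https"}
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    scheme_ok = not scheme or scheme in valid_schemes
    return host_ok and scheme_ok


def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False) -> bool:
    """True only if url is a relative path or points at one of allowed_hosts."""
    url = (url or "").strip()
    if not url:
        return False
    # Browsers treat backslashes as forward slashes in paths, so check both forms.
    return _check_one(url, allowed_hosts, require_https) and _check_one(
        url.replace("\\", "/"), allowed_hosts, require_https
    )


def mark_all_as_read_vulnerable(params: dict) -> str:
    """Shape of the flaw: whatever the client put in 'next' becomes the
    redirect target. Hypothetical view, not the project's code."""
    return params.get("next") or DEFAULT_NEXT


def mark_all_as_read_fixed(params: dict, allowed_hosts: set[str]) -> str:
    """Hardened form: follow 'next' only when it stays on an allowed host."""
    candidate = params.get("next", "")
    if url_has_allowed_host_and_scheme(candidate, allowed_hosts):
        return candidate
    return DEFAULT_NEXT


if __name__ == "__main__":
    hosts = {"hr.example.com"}  # assumed deployment host
    # Constructed test inputs: one legitimate path, one same-host URL, the rest hostile.
    for nxt in ["/notifications/", "https://hr.example.com/notifications/",
                "https://evil.com", "//evil.com", "\\\\evil.com", "///evil.com",
                "http:///evil.com", "javascript:alert(1)", ""]:
        vuln = mark_all_as_read_vulnerable({"next": nxt})
        fixed = mark_all_as_read_fixed({"next": nxt}, hosts)
        print(f"{nxt!r:40} vulnerable -> {vuln!r:40} fixed -> {fixed!r}")
```

In a real Django view the same check is one call: url_has_allowed_host_and_scheme(next_url, allowed_hosts={request.get_host()}, require_https=request.is_secure()), followed by redirect(next_url) only when it returns True; this is the pattern Django's own LoginView uses for its 'next' parameter. Note that the check is run on both the raw value and a backslash-normalised copy, because a backslash can be part of basic-auth credentials in one reading and a path separator in the browser's reading.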
