Posh · Posh · CVE-2014-2213
**Name of the Vulnerable Software and Affected Versions**
POSH versions 3.0 through 3.2.1
**Description**
An open redirect in the password reset functionality allows remote attackers to redirect users to arbitrary web sites, potentially leading to phishing attacks. The attacker does this by supplying a URL in the `redirect` parameter of the `/portal/scr_sendmd5.php` endpoint.
**Recommendations**
For POSH versions 3.0 through 3.2.1, as a temporary workaround, consider restricting access to the password reset functionality until a fix is available. Avoid using the `redirect` parameter in the `/portal/scr_sendmd5.php` endpoint to minimize the risk of exploitation.
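
While the workaround is in place, web server access logs can be checked for requests that pass an off-site `redirect` value to the password reset endpoint. The following is an added example, not part of the advisory or of POSH: it assumes the endpoint file name is `scr_sendmd5.php`, a common/combined access log format, and a constructed site host `portal.example` with constructed log lines.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions: endpoint file name, and common/combined access log request syntax.
ENDPOINT = "/portal/scr_sendmd5.php"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def is_offsite(target, own_hosts):
    """True if a redirect value would send the browser to a host not in own_hosts."""
    # Browsers treat backslashes as slashes and drop whitespace/control characters.
    cleaned = re.sub(r"[\x00-\x20]", "", target.replace("\\", "/"))
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return True  # malformed authority: flag for manual review
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return True  # any other scheme is not a legitimate redirect target
    host = parts.hostname  # set for absolute and scheme-relative (//host) URLs
    return host is not None and host not in own_hosts


def suspicious_requests(log_lines, own_hosts):
    """Return (line_number, redirect_value) for off-site redirects sent to ENDPOINT."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes values, so encoded targets are caught too.
        for value in parse_qs(url.query).get("redirect", []):
            if is_offsite(value, own_hosts):
                hits.append((number, value))
    return hits


# Constructed sample data (not real traffic); host names must be lowercase.
OWN_HOSTS = {"portal.example"}
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2014:10:00:01 +0000] "GET /portal/scr_sendmd5.php?redirect=index.php HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Mar/2014:10:00:02 +0000] "GET /portal/scr_sendmd5.php?redirect=http%3A%2F%2Flogin.example.net%2Freset HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Mar/2014:10:00:03 +0000] "GET /portal/scr_sendmd5.php?redirect=%2F%2Flogin.example.net%2F HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Mar/2014:10:00:04 +0000] "GET /portal/scr_sendmd5.php?redirect=https://portal.example/portal/ HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG, OWN_HOSTS))
```

The same `is_offsite` check can serve as an allowlist test in a reverse proxy or WAF rule that blocks the request instead of only reporting it.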