Nokia · Nokia Maps & Places Plugin · CVE-2014-1750
**Name of the Vulnerable Software and Affected Versions**
Nokia Maps & Places plugin version 1.6.6
**Description**
The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by supplying a URL in the `href` parameter of the "page/place.html" endpoint. It was initially reported as a cross-site scripting (XSS) vulnerability, but this classification may be inaccurate.
**Recommendations**
For Nokia Maps & Places plugin version 1.6.6, consider disabling the `href` parameter in the "page/place.html" endpoint as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `href` parameter in the affected endpoint until the issue is resolved.
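One way to restrict the `href` parameter and to flag off-site targets in request logs, shown as an added example that is not code from the plugin or from this advisory. The function names, `SITE_ORIGIN`, `ALLOWED_HOSTS` and the `/PLUGIN` path prefix are hypothetical placeholders.

```javascript
// Added example. SITE_ORIGIN, ALLOWED_HOSTS and the "/PLUGIN" path prefix are
// constructed placeholders, not values taken from the plugin.
const SITE_ORIGIN = "https://blog.example";
const ALLOWED_HOSTS = new Set(["blog.example"]);

// Classify the href parameter of a request to page/place.html as
// "absent", "same-site", "off-site" or "invalid".
function classifyHref(requestUrl) {
  const req = new URL(requestUrl, SITE_ORIGIN);
  if (!req.pathname.endsWith("/page/place.html")) return { verdict: "absent", target: null };
  const raw = req.searchParams.get("href"); // value is already percent-decoded
  if (!raw) return { verdict: "absent", target: null };
  let target;
  try {
    // Resolve as a browser would: "//host" and backslash-prefixed hosts leave the site.
    target = new URL(raw, SITE_ORIGIN);
  } catch {
    return { verdict: "invalid", target: raw };
  }
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    return { verdict: "invalid", target: raw }; // only web schemes are accepted
  }
  // Exact hostname match, so userinfo ("site@other") and look-alike suffixes fail.
  const verdict = ALLOWED_HOSTS.has(target.hostname) ? "same-site" : "off-site";
  return { verdict, target: target.href };
}

// Mitigation: follow only same-site targets, otherwise fall back to the site root.
function safeRedirectTarget(requestUrl) {
  const { verdict, target } = classifyHref(requestUrl);
  return verdict === "same-site" ? target : SITE_ORIGIN + "/";
}

// Detection: requests from an access log whose href points off-site.
function offSiteRequests(requests) {
  return requests.filter((r) => classifyHref(r).verdict === "off-site");
}

// Constructed sample requests (not real traffic).
const SAMPLE_REQUESTS = [
  "/PLUGIN/page/place.html?href=%2Fplaces%2F42",
  "/PLUGIN/page/place.html?href=https%3A%2F%2Fother.example%2Flogin",
  "/PLUGIN/page/place.html?href=%2F%2Fother.example%2Fa",
  "/PLUGIN/page/place.html?href=%5C%5Cother.example",
  "/PLUGIN/page/place.html?href=https%3A%2F%2Fblog.example%40other.example%2F",
  "/PLUGIN/page/place.html?href=mailto%3Auser%40mail.example",
  "/PLUGIN/page/place.html",
];
console.log(SAMPLE_REQUESTS.map((r) => [classifyHref(r).verdict, safeRedirectTarget(r)]));
```

The allowlist compares the parsed hostname rather than matching on the raw string, which is why protocol-relative and userinfo forms are classified correctly.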