CVE-2007-2907

Name of the Vulnerable Software and Affected Versions SSL-Explorer versions prior to 0.2.13

Description The issue allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to "redirect.do". This might lead to cross-site scripting (XSS) or HTTP request smuggling.

Recommendations For versions prior to 0.2.13, update to version 0.2.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the "redirect.do" endpoint or disabling the use of the forwardTo parameter until a patch is available.