CVE-2013-4723

Name of the Vulnerable Software and Affected Versions DDSN Interactive cm3 Acora CMS versions 5.5.0/1b-p1 through 6.0.6/1a

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to "track.aspx".

Recommendations For versions 5.5.0/1b-p1 through 6.0.6/1a, consider restricting access to the "track.aspx" endpoint until a fix is available, and avoid using the l parameter in this endpoint to minimize the risk of exploitation.