CVE-2014-7292

Name of the Vulnerable Software and Affected Versions Newtelligence dasBlog versions 2.1 (2.1.8102.813) through 2.3 (2.3.9074.18820)

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to "ct.ashx" API endpoint.

Recommendations For versions 2.1 (2.1.8102.813) through 2.3 (2.3.9074.18820), consider restricting access to the Click-Through feature until a patch is available. As a temporary workaround, avoid using the url parameter in the "ct.ashx" API endpoint to minimize the risk of exploitation.