CVE-2015-5354

Name of the Vulnerable Software and Affected Versions Novius OS version 5.0.1

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via a URL in the redirect parameter to the "admin/nos/login" API endpoint.

Recommendations For Novius OS version 5.0.1, consider restricting access to the admin/nos/login endpoint until a patch is available, and avoid using the redirect parameter in this endpoint to minimize the risk of exploitation.