PT-2019-7083 · Posh

Anthony Baube

+1

·

Published

2019-11-22

·

Updated

2019-12-03

·

CVE-2014-2213

CVSS v2.0

5.8

Medium

Vector AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: POSH versions 3.0 through 3.2.1

Description: The password reset functionality contains an open redirect that allows remote attackers to send users to arbitrary web sites, which can be used for phishing. The attacker supplies a URL in the redirect parameter of the /portal/scr sendmd5.php endpoint, and the portal forwards the user to it without checking the destination.

Recommendations: For POSH versions 3.0 through 3.2.1, as a temporary workaround, consider restricting access to the password reset functionality until a fix is available. Avoid relying on the redirect parameter of the /portal/scr sendmd5.php endpoint to minimize the risk of exploitation.
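The usual fix for this class of issue is to validate the redirect target on the server before issuing the Location header, and the same check can be run over access logs to spot reset requests that pointed off-site. The block below is an added example written for this record, not POSH code; it assumes a hypothetical portal hostname (portal.example.org), a fallback landing page (/portal/), and the endpoint path /portal/scr/sendmd5.php with a "/" where the advisory text shows a space. The log lines are constructed.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

PORTAL_HOST = "portal.example.org"   # assumed: the only host we will redirect to
DEFAULT_AFTER_RESET = "/portal/"     # assumed: landing page when the target is rejected


def safe_redirect_target(target: Optional[str], portal_host: str = PORTAL_HOST) -> Optional[str]:
    """Return a normalised same-site redirect target, or None if the value could
    take the browser anywhere else.

    Conservative by design: explicit non-http(s) schemes, scheme-relative
    "//host" forms, backslash variants the browser folds into "/", userinfo
    tricks ("host@evil"), control characters and percent-encoded versions of all
    of these are rejected. Only http(s) URLs on `portal_host` or plain absolute
    paths are accepted.
    """
    if not target:
        return None
    candidate = unquote(target).strip()      # judge the decoded form, not the raw bytes
    candidate = candidate.replace("\\", "/")  # browsers treat "\" as "/" in the authority
    if any(ord(ch) < 0x20 for ch in candidate):
        return None
    try:
        parts = urlsplit(candidate)
    except ValueError:                        # e.g. malformed IPv6 literal
        return None
    if parts.netloc:
        # Absolute or scheme-relative URL: scheme must be http(s) and the hostname
        # (which ignores any "user@" prefix) must be exactly the portal host.
        if parts.scheme not in ("http", "https") or parts.hostname != portal_host:
            return None
        return candidate
    if parts.scheme:
        return None                           # javascript:, data:, mailto:, ...
    # No authority at all: require a normal absolute path, not "//..." (folded "/\").
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return None


def resolve_after_reset(requested: Optional[str]) -> str:
    """Destination for the post-reset redirect: the validated target or the default."""
    return safe_redirect_target(requested) or DEFAULT_AFTER_RESET


# Constructed sample access-log lines (Combined Log Format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Nov/2019:10:01:02 +0000] "GET /portal/scr/sendmd5.php?redirect=/portal/home HTTP/1.1" 302 0
203.0.113.7 - - [22/Nov/2019:10:01:09 +0000] "GET /portal/scr/sendmd5.php?redirect=https://phish.example/login HTTP/1.1" 302 0
203.0.113.9 - - [22/Nov/2019:10:02:14 +0000] "GET /portal/scr/sendmd5.php?redirect=%2F%2Fphish.example HTTP/1.1" 302 0
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def flag_external_redirects(log_text: str, portal_host: str = PORTAL_HOST) -> List[Tuple[str, str]]:
    """Return (client_ip, redirect_value) for reset requests whose redirect
    parameter fails the same-site check; useful for retrospective triage."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("sendmd5.php"):
            continue
        for value in parse_qs(url.query).get("redirect", []):
            if safe_redirect_target(value, portal_host) is None:
                hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    print(resolve_after_reset("https://phish.example/login"))   # falls back to /portal/
    for ip, value in flag_external_redirects(SAMPLE_LOG):
        print(f"off-site redirect requested from {ip}: {value!r}")
```

Rejecting everything that is not a plain absolute path is the simplest safe posture; if the portal legitimately needs to redirect to another host, extend the hostname comparison to an explicit allow-list rather than a substring or prefix match, since "portal.example.org.phish.example" would pass a prefix test.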

Exploit

Fix

Open Redirect


Weakness Enumeration

Related identifiers

CVE-2014-2213

Affected products

Posh