October · October · CVE-2024-24764
**Name of the Vulnerable Software and Affected Versions**
October versions prior to 3.5.15
**Description**
This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability assumes a trusted user will attack another trusted user and cannot be actively exploited without access to the administration panel and interaction from the other user.
**Recommendations**
For versions prior to 3.5.15, update to version 3.5.15 to resolve the issue. As a temporary workaround, consider restricting access to the page finder link schema (`october://`) to minimize the risk of exploitation.
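
A check of the kind the description implies, keeping a resolved link inside the active host, as an added example that is not October's code. The function name `resolveLocalRedirect`, the hostnames and the sample targets are constructed, and it assumes the resolver hands over the final target as a string; parsing uses the WHATWG URL class so the verdict matches how a browser interprets the redirect.

```javascript
// Added example, not October's code. Names, hosts and inputs are constructed.
// Decides whether a link target produced by a link resolver stays on the
// active host. Parsing uses the WHATWG URL class (global in Node.js and
// browsers), so the verdict matches how a browser reads the redirect target.

// Returns the absolute same-origin URL to redirect to, or null to refuse.
function resolveLocalRedirect(target, activeOrigin) {
  if (typeof target !== 'string' || target.length === 0) return null;

  let base, resolved;
  try {
    base = new URL(activeOrigin);
    resolved = new URL(target, base); // relative targets resolve against the active host
  } catch (err) {
    return null; // unparseable input is refused, never passed through
  }

  // Only web schemes; rejects javascript:, data: and similar.
  if (resolved.protocol !== 'http:' && resolved.protocol !== 'https:') return null;
  // Scheme, host and port must all match the active host.
  if (resolved.origin !== base.origin) return null;
  // Embedded credentials are a common way to disguise the real host.
  if (resolved.username !== '' || resolved.password !== '') return null;

  // Return the absolute form: a bare path such as "//host" would be read
  // by the browser as protocol-relative and leave the site again.
  return resolved.href;
}

// Constructed sample targets.
const ACTIVE = 'https://cms.example.test';
const samples = [
  '/backend/cms/pages?tab=1',
  'https://other.example/login',
  '//other.example/login',
  '/\\other.example/login',
  'https://cms.example.test@other.example/',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', resolveLocalRedirect(s, ACTIVE));
}
```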