Masacms · Masacms · CVE-2026-40332
**Name of the Vulnerable Software and Affected Versions**
Masa CMS versions prior to 7.2.10
Masa CMS versions prior to 7.3.15
Masa CMS versions prior to 7.4.10
Masa CMS versions prior to 7.5.3
**Description**
Improper handling of scheme-relative URLs allows an open redirect. The application treats a redirect target that begins with two slashes (//) as an internal path and does not validate it before redirecting, but a browser resolves a value such as //evil.example as a scheme-relative URL pointing at the host that follows the slashes. An attacker can therefore craft a link on the trusted domain that sends users to an external site, which can be used for phishing or for leaking tokens and other sensitive data carried through authentication flows.
**Recommendations**
Update to version 7.2.10.
Update to version 7.3.15.
Update to version 7.4.10.
Update to version 7.5.3.
Reject or rewrite redirect parameters that begin with // (and with /\, since browsers treat a backslash like a forward slash in http and https URLs).
Disable `forceDirectoryStructure` if compatible with the deployment.
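The following is an added example, not Masa CMS code, showing the flaw the description outlines beside the check the "reject or rewrite" recommendation calls for. It uses the WHATWG URL parser (the same resolution rules a browser applies) to resolve a candidate redirect target against the site origin and compare origins, which catches //host, /\host and absolute URLs alike. The site origin `https://cms.example`, the function names and the sample inputs are assumptions made for the example.

```javascript
// Added example: validating a redirect target so that scheme-relative values
// such as "//evil.example" are not mistaken for site-local paths.
// Not Masa CMS source; the origin below is an assumed value.
const SITE_ORIGIN = "https://cms.example";

// The flawed approach described in the advisory: any value starting with "/"
// is assumed to be an internal path. A browser resolves "//evil.example"
// (and, for http/https, "/\\evil.example") as a different host, so this
// accepts attacker-controlled targets.
function naiveIsInternal(target) {
  return typeof target === "string" && target.startsWith("/");
}

// Hardened check: resolve the value against the site origin with the WHATWG
// parser and accept it only if the resolved origin is the site's own.
// Non-string values, unparsable values and non-http(s) schemes (whose
// origin is "null") are all rejected.
function isSafeRedirect(target, siteOrigin = SITE_ORIGIN) {
  if (typeof target !== "string" || target.length === 0) return false;
  let resolved;
  try {
    resolved = new URL(target, siteOrigin);
  } catch {
    return false;
  }
  return resolved.origin === new URL(siteOrigin).origin;
}

// Rewrite variant from the recommendations: collapse any run of leading
// slashes or backslashes into a single "/" so the value can only name a
// site-local path, re-check it, and fall back to a fixed location otherwise.
// Returns path + query + fragment, never a host.
function safeRedirectTarget(target, fallback = "/", siteOrigin = SITE_ORIGIN) {
  if (typeof target !== "string") return fallback;
  const rewritten = target.replace(/^[\\/]+/, "/");
  if (!isSafeRedirect(rewritten, siteOrigin)) return fallback;
  const u = new URL(rewritten, siteOrigin);
  return u.pathname + u.search + u.hash;
}

// Constructed sample inputs (assumed values) exercising the two checks.
const samples = [
  "/admin/?next=1#top",
  "//evil.example/login",
  "/\\evil.example",
  "https://evil.example/",
  "javascript:alert(1)",
];
for (const s of samples) {
  console.log(
    JSON.stringify(s),
    "naive:", naiveIsInternal(s),
    "safe:", isSafeRedirect(s),
    "rewritten:", JSON.stringify(safeRedirectTarget(s))
  );
}

module.exports = { naiveIsInternal, isSafeRedirect, safeRedirectTarget };
```

The point of comparing origins rather than matching prefixes is that the parser, not a hand-written pattern, decides what the browser will treat as a host; any new encoding trick the parser accepts is rejected automatically because its origin will not match.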