CVE-2012-4032

Name of the Vulnerable Software and Affected Versions WebsitePanel versions prior to 1.2.2.1

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to "Default.aspx". This can be exploited by including a malicious URL in the ReturnUrl parameter, which is used to redirect users after login.

Recommendations For versions prior to 1.2.2.1, update to version 1.2.2.1 or later to resolve the issue. As a temporary workaround, consider validating the ReturnUrl parameter to ensure it points to a trusted location within the application.