Some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks.

The issue is resolved in versions 17.4.0 and 13.14.0.

If users cannot upgrade immediately, they can mitigate the issue in their own site by ensuring every Razor form that posts to UmbLoginStatusController, UmbProfileController or UmbRegisterController passes a concrete, trusted RedirectUrl into Html.BeginUmbracoForm's route values.

For example:

 @using (Html.BeginUmbracoForm<UmbLoginStatusController>(
   "HandleLogout",
   new { RedirectUrl = Model.Url() }))
 {
   <button type="submit">Log out</button>
 }

https://github.com/umbraco/Umbraco-CMS/pull/22565 https://github.com/umbraco/Umbraco-CMS/pull/22561