Open Redirect Vulnerability

Note

If you are currently using the exitscript feature with a redirect page (using the exitURL parameter), there is a security vulnerability that must be addressed.

If your redirect page extracts the URL from the targetURL parameter in the query string, you MUST validate the URL before redirecting the user.

The validation must check the URL against a list of accepted URLs and only redirect when it matches.

For a C# example, visit the .NET Templates wiki.
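
The allow-list check described above, as an added C# example (it is not the .NET Templates wiki code and not part of CDTS). The class name `ExitRedirectValidator`, the accepted URLs and the fallback URL are constructed placeholders, and exact matching of the whole URL is an assumption about how strict the list should be.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class ExitRedirectValidator
{
    // Constructed sample list: replace with the destinations your application links to.
    // Entries are stored in the normalised form produced by System.Uri.
    private static readonly HashSet<string> AcceptedUrls = new HashSet<string>(
        new[]
        {
            "https://www.example.org/en/services.html",
            "https://partner.example.com/welcome"
        }.Select(u => new Uri(u).AbsoluteUri),
        StringComparer.Ordinal);

    // Hypothetical safe destination used when targetURL is missing or not accepted.
    private const string FallbackUrl = "https://www.example.org/en/home.html";

    // Returns the normalised URL to redirect to, or the fallback if validation fails.
    public static string ResolveRedirect(string targetUrl)
    {
        if (string.IsNullOrWhiteSpace(targetUrl))
            return FallbackUrl;

        // Only absolute URIs are considered. Inputs such as "//host/path" or
        // "/path" can parse as file: URIs on some platforms, so the scheme
        // check below is what rejects them.
        Uri uri;
        if (!Uri.TryCreate(targetUrl, UriKind.Absolute, out uri))
            return FallbackUrl;

        if (uri.Scheme != Uri.UriSchemeHttps)
            return FallbackUrl;

        // Reject "https://trusted-host@other-host/" style URLs outright.
        if (!string.IsNullOrEmpty(uri.UserInfo))
            return FallbackUrl;

        // Exact match on the normalised URL: no prefix or substring tests,
        // so "https://www.example.org.other.example/" cannot pass.
        return AcceptedUrls.Contains(uri.AbsoluteUri) ? uri.AbsoluteUri : FallbackUrl;
    }
}
```

In an ASP.NET redirect page this would be called as `Response.Redirect(ExitRedirectValidator.ResolveRedirect(Request.QueryString["targetURL"]));`, so the value from the query string is never passed to the redirect unchecked.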

NOTE: This applies to CDTS version v4.1.0 and earlier. The new version of CDTS will not use the targetURL parameter.