This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 271472

Summary: Open Redirection Vulnerability
Product: apisupport
Reporter: muzamilshah254
Component: API docs
Assignee: Martin Kozeny <mkozeny>
Status: NEW
Severity: normal
Priority: P3
Version: Dev
Hardware: PC
OS: Windows 8.1
Issue Type: DEFECT

Description muzamilshah254 2017-09-13 19:43:28 UTC
Hi there.
I have found your website vulnerable to Open Redirection.

Open Redirection:

Open Redirection occurs when a vulnerable web page is redirected to another web page via user-controllable input.

Impact:

An attacker can use this vulnerability to redirect users to other malicious web sites which can be used for phishing and similar attacks.

Steps To Reproduce:

1. Go to this link. 
https://netbeans.org/people/login?original_uri=%2Fpeople%2F289283-muzamilshah254

2. Replace the link with 
https://netbeans.org/people/login?original_uri=https://www.google.com

3. Reload the page and signing-in will redirect to google.com.

I hope it will soon get fixed :)

Regards,
Muzamil Shah
WebSecurity Researcher
Comment 1 muzamilshah254 2019-07-01 08:49:19 UTC
Any update please?
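
A server-side check for the `original_uri` login parameter described in this report, as an added example that is not part of the original report or of the NetBeans site's code: it accepts only same-site paths and falls back to a default landing page for anything else. The function names and the `/` fallback are assumptions; the two sample URLs are the ones from the reproduction steps.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_AFTER_LOGIN = "/"  # assumed fallback landing page


def safe_redirect_target(original_uri, default=DEFAULT_AFTER_LOGIN):
    """Return original_uri only if it is a path on this site, else default.

    original_uri is the parameter value after one round of URL decoding.
    """
    if not original_uri:
        return default
    # Browsers normalise control characters and backslashes in ways that can
    # turn an apparent path into a different host, so reject them outright.
    if "\\" in original_uri or any(ord(c) < 0x20 or c == "\x7f" for c in original_uri):
        return default
    # Require exactly one leading slash: "//host" is scheme-relative and
    # anything without a leading slash may carry a scheme or host.
    if not original_uri.startswith("/") or original_uri.startswith("//"):
        return default
    # Belt and braces: the parsed value must have no scheme and no host.
    parts = urlsplit(original_uri)
    if parts.scheme or parts.netloc:
        return default
    return original_uri


def redirect_after_login(login_url):
    """Extract original_uri from a login URL and return the validated target."""
    values = parse_qs(urlsplit(login_url).query).get("original_uri", [])
    # A missing or repeated parameter is ambiguous: use the default.
    if len(values) != 1:
        return DEFAULT_AFTER_LOGIN
    return safe_redirect_target(values[0])


if __name__ == "__main__":
    samples = [
        "https://netbeans.org/people/login?original_uri=%2Fpeople%2F289283-muzamilshah254",
        "https://netbeans.org/people/login?original_uri=https://www.google.com",
    ]
    for url in samples:
        print(url, "->", redirect_after_login(url))
```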