CVE-2013-4390

medium

Apache

CVSS v3 Base Score

5.8

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS Score

1.3%

Exploitation probability in 30 days

Top 20% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

None

Published: October 24, 2013 (4586 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."

CWE

CWE-20

Affected Products

apache slingapache sling auth core component

References

🔗 mail-archives.apache.org 🔗 secunia.com 🔗 www.securityfocus.com 🔗 issues.apache.org 🔗 mail-archives.apache.org

CVE-2013-4390

Vulnerability Report

Description

CWE

Affected Products

References