Hi, today we received information from a public institution, the Computer Security Incident Response Team, regarding an audit conducted on our OJS 3.3.0-8 installation, in which the following vulnerabilities were detected:
-
An Open Redirect vulnerability was detected, allowing an attacker to craft a link within your domain that redirects to any other site, including potentially malicious sites. The vulnerability was identified at the following addresses:
https://XXXXXXXXX:443 under the path /.example.com -
It was detected that the Nowa noVNC system contains an Open Redirect vulnerability, allowing an attacker to craft a link within your domain that redirects to any other site, including potentially malicious sites. The vulnerability was identified at the following addresses:
https://XXXXXXXXXX:443 under the path //interact.sh/%2F…
Is this issue known to you, and how can the potential vulnerabilities be mitigated?
Thanks
Janels