Published: 2018/01/19  Last Updated: 2018/01/19

Information from Japan Total System Co.,Ltd.

Vulnerability ID:JVN#26200083
Title:GroupSession vulnerable to open redirect

This is a statement from the vendor itself with no modification by JPCERT/CC.

In GroupSession, it is possible to redirect to external site by user plugin etc.
It is a function to cooperate with GroupSession and other sites
Using this function, you may be guided to an unintended site.

As a countermeasure, we added the connection restriction function at the above redirect to version 4.7.1.