In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, External page display restriction is set to Do not limit in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.
The product initializes or sets a resource with a default that is intended to be changed by the product’s installer, administrator, or maintainer, but the default is not secure.