Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/45075
http://www.securityfocus.com/archive/1/496236/100/0/threaded