Magento LTS Vulnerable to Open Redirect via Unvalidated `uenc` Parameter in `stockAction()`

Summary MageProductAlertAddController::stockAction reads the uenc query parameter and passes it directly to $this-redirectUrl$backUrl without calling $this-isUrlInternal When the supplied productid does not match any catalog product, the server issues an unvalidated HTTP 302 redirect to whatever...