Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2013-4200
HistoryJan 21, 2014 - 4:06 p.m.

CVE-2013-4200

2014-01-2116:06:19
CWE-264
[email protected]
web.nvd.nist.gov
2

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.043

Percentile

92.4%

JSON

The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the “next” parameter to acl_users/credentials_cookie_auth/require_login.

Affected configurations

Nvd
Node
ploneploneMatch2.1
OR
ploneploneMatch2.1.1
OR
ploneploneMatch2.1.2
OR
ploneploneMatch2.1.3
OR
ploneploneMatch2.1.4
OR
ploneploneMatch3.0
OR
ploneploneMatch3.0.1
OR
ploneploneMatch3.0.2
OR
ploneploneMatch3.0.3
OR
ploneploneMatch3.0.4
OR
ploneploneMatch3.0.5
OR
ploneploneMatch3.0.6
OR
ploneploneMatch3.1
OR
ploneploneMatch3.1.1
OR
ploneploneMatch3.1.2
OR
ploneploneMatch3.1.3
OR
ploneploneMatch3.1.4
OR
ploneploneMatch3.1.5.1
OR
ploneploneMatch3.1.6
OR
ploneploneMatch3.1.7
OR
ploneploneMatch3.2
OR
ploneploneMatch3.2.1
OR
ploneploneMatch3.2.2
OR
ploneploneMatch3.2.3
OR
ploneploneMatch3.3
OR
ploneploneMatch3.3.1
OR
ploneploneMatch3.3.2
OR
ploneploneMatch3.3.3
OR
ploneploneMatch3.3.4
OR
ploneploneMatch3.3.5
OR
ploneploneMatch4.0
OR
ploneploneMatch4.0.1
OR
ploneploneMatch4.0.2
OR
ploneploneMatch4.0.3
OR
ploneploneMatch4.0.4
OR
ploneploneMatch4.0.5
OR
ploneploneMatch4.0.6.1
OR
ploneploneMatch4.1
Node
ploneploneMatch4.2
OR
ploneploneMatch4.2.1
OR
ploneploneMatch4.2.2
OR
ploneploneMatch4.2.3
OR
ploneploneMatch4.2.4
OR
ploneploneMatch4.2.5
OR
ploneploneMatch4.3
OR
ploneploneMatch4.3.1

Related

prion 1
securityvulns 3
packetstorm 1
cvelist 1
cve 1
osv 2
github 1
prion
prion
Authentication flaw
2014-01-21 16:06:00
securityvulns
securityvulns
CVE-2013-6430 Possible XSS when using Spring MVC
2014-01-19 00:00:00
CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers
2014-01-19 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-01-19 00:00:00
packetstorm
packetstorm
Plone CMS Credential Disclosure
2014-01-17 00:00:00
cvelist
cvelist
CVE-2013-4200
2014-01-21 16:00:00
cve
cve
CVE-2013-4200
2014-01-21 16:06:19
osv
osv
PYSEC-2014-64
2014-01-21 16:06:00
Plone Open Redirection vulnerability via next parameter
2022-05-14 02:54:25
github
github
Plone Open Redirection vulnerability via next parameter
2022-05-14 02:54:25

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.043

Percentile

92.4%

JSON
Related for NVD:CVE-2013-4200
prion1securityvulns3packetstorm1cvelist1cve1osv2github1