Lucene search

K

GoogleOSV:GHSA-69VH-662J-V988

HistoryMay 14, 2022 - 2:46 a.m.

Plone Open Redirect Vulnerability

2022-05-1402:46:11

Google

osv.dev

5

0.003 Low

EPSS

Percentile

71.5%

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.

CPENameOperatorVersion
ploneeq4.1.4
ploneeq5.0.2
ploneeq4.1.5
ploneeq4.3b1
ploneeq3.3
ploneeq4.3a2
ploneeq3.3.1
ploneeq4.0.10
ploneeq4.0.6
ploneeq4.1a2

Rows per page:

1-10 of 701

References

packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

seclists.org/fulldisclosure/2016/Oct/80

www.openwall.com/lists/oss-security/2016/09/05/4

www.openwall.com/lists/oss-security/2016/09/05/5

github.com/plone/Plone

nvd.nist.gov/vuln/detail/CVE-2016-7137

plone.org/security/hotfix/20160830/open-redirection-in-plone

web.archive.org/web/20210625091607/www.securityfocus.com/bid/92752

web.archive.org/web/20210625092107/www.securityfocus.com/archive/1/539572/100/0/threaded

0.003 Low

EPSS

Percentile

71.5%

Related for OSV:GHSA-69VH-662J-V988

osv2 cvelist1 cve1 prion1 github1 redhatcve1 nvd1 packetstorm1 openvas1 nessus2