Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:PYSEC-2014-64
HistoryJan 21, 2014 - 4:06 p.m.

PYSEC-2014-64

2014-01-2116:06:00
Google
osv.dev
7

EPSS

0.043

Percentile

92.4%

JSON

The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the “next” parameter to acl_users/credentials_cookie_auth/require_login.

Related

prion 1
securityvulns 3
packetstorm 1
nvd 1
cvelist 1
cve 1
osv 1
github 1
prion
prion
Authentication flaw
2014-01-21 16:06:00
securityvulns
securityvulns
CVE-2013-6430 Possible XSS when using Spring MVC
2014-01-19 00:00:00
CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers
2014-01-19 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-01-19 00:00:00
packetstorm
packetstorm
Plone CMS Credential Disclosure
2014-01-17 00:00:00
nvd
nvd
CVE-2013-4200
2014-01-21 16:06:19
cvelist
cvelist
CVE-2013-4200
2014-01-21 16:00:00
cve
cve
CVE-2013-4200
2014-01-21 16:06:19
osv
osv
Plone Open Redirection vulnerability via next parameter
2022-05-14 02:54:25
github
github
Plone Open Redirection vulnerability via next parameter
2022-05-14 02:54:25

EPSS

0.043

Percentile

92.4%

JSON
Related for OSV:PYSEC-2014-64
prion1securityvulns3packetstorm1nvd1cvelist1cve1osv1github1