Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:PYSEC-2021-323
HistoryAug 02, 2021 - 7:15 p.m.

PYSEC-2021-323

2021-08-0219:15:00
Google
osv.dev
4
products.isurlinportal
plone
open redirect
security vulnerability
patched

EPSS

0.001

Percentile

34.7%

JSON

Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the ‘is url in portal’ check for security, mostly to see if it is safe to redirect to a url. A url like https://example.org is not in the portal. The url https:example.org without slashes is considered to be in the portal. When redirecting, some browsers go to https://example.org, others give an error. Attackers may use this to redirect victims to their site, especially as part of a phishing attack. The problem has been patched in Products.isurlinportal 1.2.0.

Related

osv 2
github 1
jvn 1
cve 1
nvd 1
cvelist 1
prion 1
osv
osv
CVE-2021-32806
2021-08-02 19:15:08
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
2021-08-05 17:02:12
github
github
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
2021-08-05 17:02:12
jvn
jvn
JVN#50804280: Plone vulnerable to open redirect
2021-08-12 00:00:00
cve
cve
CVE-2021-32806
2021-08-02 19:15:08
nvd
nvd
CVE-2021-32806
2021-08-02 19:15:08
cvelist
cvelist
CVE-2021-32806 URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
2021-08-02 18:25:11
prion
prion
Open redirect
2021-08-02 19:15:00

EPSS

0.001

Percentile

34.7%

JSON
Related for OSV:PYSEC-2021-323
osv2github1jvn1cve1nvd1cvelist1prion1