4 matches found
CVE-2013-4200
The isURLInPortal method in the URLTool class in inportal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allowexternalloginsites filtering property, redirect users to...
CVE-2013-4200
Plone CVE-2013-4200 targets the isURLInPortal method of URLTool in in_portal.py. It incorrectly treats URLs starting with a space as relative, bypassing the allow_external_login_sites filter and enabling open redirection via the next parameter to acl_users/credentials_cookie_auth/require_login. A...
CVE-2013-6430 Possible XSS when using Spring MVC
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...
CVE-2013-4200
creationtimestamp| type| source ---|---|--- 2013-07-31 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38738...