CVE-2014-3739
Zenoss 4.2.5 is affected by an open redirect in zport/acl_users/cookieAuthHelper/login_form, allowing an attacker to redirect users to arbitrary sites via the came_from parameter. The issue originates from improper handling of the came_from input, enabling phishing-like redirections. No explicit ...