2 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-1000481
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'camefrom' parameter set to the previous url. After you login...
CVE-2017-1000481
The CVE-2017-1000481 issue affects Plone 2.5–5.1rc1 where a login flow uses a came_from parameter to redirect after login. A malformed/crafted link can lead users to an attacker’s site or allow attacker-controlled JavaScript execution; Plone’s isURLInPortal checks mitigate, but additional bypasse...