16 matches found
EUVD-2014-0082
Malware in sbrugna...
EUVD-2012-1123
Malware in sbrugna...
CVE-2012-1086
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Plone Open Redirection vulnerability via next parameter
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to...
GHSA-56P3-RRP4-2J82 Plone Open Redirection vulnerability via next parameter
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to...
CVE-2013-4200
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to...
PYSEC-2014-64
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to...
Authentication flaw
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to...
PYSEC-2014-64
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to...
CVE-2013-4200
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to...
CVE-2013-4200
Plone CVE-2013-4200 targets the isURLInPortal method of URLTool in in_portal.py. It incorrectly treats URLs starting with a space as relative, bypassing the allow_external_login_sites filter and enabling open redirection via the next parameter to acl_users/credentials_cookie_auth/require_login. A...
PT-2014-2763 · Plone Foundation · Plone
Name of the Vulnerable Software and Affected Versions: Plone versions 2.1 through 4.1; Plone versions 4.2.x through 4.2.5; Plone versions 4.3.x through 4.3.1. Description: The issue allows remote attackers to bypass filtering and redirect users to arbitrary web sites, potentially conducting phishing...
CVE-2012-1086
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-1086
The CVE-2012-1086 entry describes a Cross-site scripting (XSS) vulnerability in the TYPO3 UrlTool (aeurltool) extension version 0.1.0, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected component: UrlTool for TYPO3; root cause: XSS in the extension’...
CVE-2012-1086
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...