Products.CMFPlone is vulnerable to open redirect attacks. These attacks are possible because the came_from
parameter will be set to the previous URL a user tried to access regardless of whether it is in portal or not.
CPE | Name | Operator | Version |
---|---|---|---|
products.cmfplone | le | 4.3.19 | |
products.cmfplone | le | 5.1.6 |