Lucene search

K

GoogleOSV:GHSA-69VH-662J-V988

HistoryMay 14, 2022 - 2:46 a.m.

Plone Open Redirect Vulnerability

2022-05-1402:46:11

Google

osv.dev

8

vulnerability

plone cms

open redirect

EPSS

0.003

Percentile

71.5%

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.

References

packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

seclists.org/fulldisclosure/2016/Oct/80

www.openwall.com/lists/oss-security/2016/09/05/4

www.openwall.com/lists/oss-security/2016/09/05/5

github.com/plone/Plone

nvd.nist.gov/vuln/detail/CVE-2016-7137

plone.org/security/hotfix/20160830/open-redirection-in-plone

web.archive.org/web/20210625091607/www.securityfocus.com/bid/92752

web.archive.org/web/20210625092107/www.securityfocus.com/archive/1/539572/100/0/threaded

EPSS

0.003

Percentile

71.5%

Related for OSV:GHSA-69VH-662J-V988

osv2 cvelist1 nvd1 redhatcve1 prion1 github1 cve1 packetstorm1 openvas1 nessus2