EPSS percentile: 38.8%
Products.CMFPlone is vulnerable to open redirect attacks. These attacks are possible because the came_from parameter is set to the previous URL a user tried to access, regardless of whether that URL is in the portal.
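The missing check, sketched as an added example (not code from Products.CMFPlone or its hotfix): a came_from value is used as a redirect target only when it resolves inside the portal. The function names, the portal URL and the sample hosts are assumptions made up for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample portal root (assumption, not a real site).
PORTAL_URL = "https://portal.example.org/site"


def url_in_portal(url, portal_url=PORTAL_URL):
    """Return True only if url resolves to a location inside the portal."""
    if not url or "\\" in url or any(ord(c) <= 0x20 for c in url):
        # Browsers treat backslashes as slashes and strip whitespace and
        # control characters, so reject them instead of guessing how the
        # value will be interpreted on the client.
        return False
    portal = urlsplit(portal_url)
    # Resolve relative values against the portal root, as a browser would.
    target = urlsplit(urljoin(portal_url.rstrip("/") + "/", url))
    if target.scheme != portal.scheme or target.netloc != portal.netloc:
        # Different site, different scheme, or a userinfo@host value.
        return False
    base = portal.path.rstrip("/")
    # Compare whole path segments so /site-evil does not pass as /site.
    return target.path == base or target.path.startswith(base + "/")


def safe_came_from(came_from, portal_url=PORTAL_URL):
    """Redirect target after login: came_from if in portal, else the root."""
    return came_from if url_in_portal(came_from, portal_url) else portal_url
```
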
github.com/plone/Products.CMFPlone/pull/2236
plone.org/security/hotfix/20171128
plone.org/security/hotfix/20171128/open-redirection-on-login-form