Description
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.