Description

Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Remediation

References

CVE-2013-4195

Related Vulnerabilities

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)

MySQL CVE-2017-3636 Vulnerability (CVE-2017-3636)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5031)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19217)

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2938)

Severity

Medium

Classification

CVE-2013-4195 CWE-20

Tags

Missing Update Known Vulnerabilities