Plone CMS URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2016-7137 - Vulnerability Database

Medium
Reference: CVE-2016-7137
Title: Plone CMS URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Overview:

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.