Security Advisory

CVE-2016-7137

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-03-07 16:00:00

Last updated 2024-08-06 01:50:47

Assigner mitre

State PUBLISHED

Description

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.

← Browse all CVEs View on cve.org ↗