Description

Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Remediation

References

CVE-2013-4195

Related Vulnerabilities

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17784)

Jboss EAP Improper Initialization Vulnerability (CVE-2023-4503)

WordPress Plugin Web Forms for Vtiger wordpress Lead capture and Contacts Sync Unspecified Vulnerability (1.0.0)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3528)

WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)

Severity

Medium

Classification

CVE-2013-4195 CWE-20

Tags

Missing Update Known Vulnerabilities