Vulnerability Information
Vulnerability Title
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
Vulnerability Description
Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a URL. A URL like `https://example.org` is not in the portal. The URL `https:example.org`, without slashes, is considered to be in the portal. When redirecting to it, some browsers go to `https://example.org`, while others give an error. Attackers may use this to redirect victims to their site, especially as part of a phishing attack. The problem has been patched in Products.isurlinportal 1.2.0.
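The parsing behaviour behind this, as an added example (not code from Products.isurlinportal or Plone): Python's `urlsplit` gives `https:example.org` a scheme but an empty network location, so a check that treats "no netloc" as "relative" accepts it. The portal host and both function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

PORTAL_HOST = "portal.example.com"  # constructed portal host (assumption)


def naive_is_url_in_portal(url: str) -> bool:
    """Weak check: any URL without a network location counts as relative."""
    parts = urlsplit(url)
    if not parts.netloc:
        # Flaw: 'https:example.org' has scheme 'https' and an empty netloc,
        # so it is accepted here as if it were a path inside the portal.
        return True
    return parts.scheme in ("", "http", "https") and parts.hostname == PORTAL_HOST


def strict_is_url_in_portal(url: str) -> bool:
    """Hardened check: a scheme without a network location is never in the portal."""
    parts = urlsplit(url.strip())
    if parts.scheme and not parts.netloc:
        # Covers 'https:example.org' and every other scheme-only form.
        return False
    if not parts.scheme and not parts.netloc:
        # Genuinely relative reference such as '/news/item'.
        return True
    return parts.scheme in ("", "http", "https") and parts.hostname == PORTAL_HOST


def compare(urls):
    """Return (url, naive_result, strict_result) for each candidate redirect target."""
    return [(u, naive_is_url_in_portal(u), strict_is_url_in_portal(u)) for u in urls]


if __name__ == "__main__":
    # Constructed sample redirect targets.
    samples = [
        "/news/item",
        "https://portal.example.com/login",
        "https://example.org",
        "https:example.org",
    ]
    for url, naive, strict in compare(samples):
        print(f"{url!r:40} naive={naive!s:5} strict={strict}")
```
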
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
URL Redirection to Untrusted Site ('Open Redirect')
Vulnerability Title
Plone Input Validation Error Vulnerability
Vulnerability Description
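Plone is an open-source content management system (CMS) built on the Zope application server. Plone has an input validation error vulnerability that attackers may use to redirect victims to their site, especially as part of a phishing attack.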
CVSS Information
N/A
Vulnerability Type
N/A