CVE-2013-4195
Plone 2.1-4.1, 4.2-4.2.5, 4.3-4.3.1 - Open Redirect via marmoset_patch.py, publish.py, and principiaredirect.py
Title source: llmDescription
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=978471
Vendor Advisory x_refsource_confirm
http://plone.org/products/plone/security/advisories/20130618-announcement
Patch x_refsource_confirm
http://plone.org/products/plone-hotfix/releases/20130618
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/261
Scores
EPSS
0.0119
EPSS Percentile
64.3%
Details
CWE
CWE-20
Status
published
Products (50)
plone/plone
2.1
plone/plone
2.1.1
plone/plone
2.1.2
plone/plone
2.1.3
plone/plone
2.1.4
plone/plone
2.5
plone/plone
2.5.1
plone/plone
2.5.2
plone/plone
2.5.3
plone/plone
2.5.4
... and 40 more
Published
Mar 11, 2014
Tracked Since
Feb 18, 2026