CVE-2016-7137 in Ploneinformazioni

Riassunto

di MITRE

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

05/09/2016

Divulgazione

07/03/2017

Moderazione

accettato

Voce

VDB-92699

CPE

pronto

CWE

CWE-601 (confermato)

CVSS

6.1 (NVD)

EPSS

0.01670

KEV

Attività

molto basso

Settore

Lawfirm, Agriculture, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-7137
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7137
CVE Details	https://www.cvedetails.com/cve/CVE-2016-7137/

◂ Precedente Visione D'ensemble Il prossimo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!