Total vulnerabilities in the database
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.
Software | From | Fixed in |
---|---|---|
plone / plone | 3.3 | 3.3.x |
plone / plone | 4.0.5 | 4.0.5.x |
plone / plone | 3.0.1 | 3.0.1.x |
plone / plone | 3.0 | 3.0.x |
plone / plone | 3.2.3 | 3.2.3.x |
plone / plone | 3.1.4 | 3.1.4.x |
plone / plone | 3.1.5.1 | 3.1.5.1.x |
plone / plone | 2.1.4 | 2.1.4.x |
plone / plone | 4.0.2 | 4.0.2.x |
plone / plone | 3.3.5 | 3.3.5.x |
plone / plone | 3.0.6 | 3.0.6.x |
plone / plone | 3.2 | 3.2.x |
plone / plone | 3.1.1 | 3.1.1.x |
plone / plone | 2.1.1 | 2.1.1.x |
plone / plone | 3.3.4 | 3.3.4.x |
plone / plone | 3.3.2 | 3.3.2.x |
plone / plone | 4.0.4 | 4.0.4.x |
plone / plone | 3.1.7 | 3.1.7.x |
plone / plone | 4.1 | 4.1.x |
plone / plone | 3.2.2 | 3.2.2.x |
plone / plone | 2.1.2 | 2.1.2.x |
plone / plone | 3.0.3 | 3.0.3.x |
plone / plone | 3.3.1 | 3.3.1.x |
plone / plone | 3.0.4 | 3.0.4.x |
plone / plone | 3.1.2 | 3.1.2.x |
plone / plone | 3.2.1 | 3.2.1.x |
plone / plone | 4.0 | 4.0.x |
plone / plone | 3.0.5 | 3.0.5.x |
plone / plone | 4.0.6.1 | 4.0.6.1.x |
plone / plone | 4.0.1 | 4.0.1.x |
plone / plone | 3.0.2 | 3.0.2.x |
plone / plone | 2.1 | 2.1.x |
plone / plone | 3.1 | 3.1.x |
plone / plone | 3.3.3 | 3.3.3.x |
plone / plone | 2.1.3 | 2.1.3.x |
plone / plone | 3.1.6 | 3.1.6.x |
plone / plone | 3.1.3 | 3.1.3.x |
plone / plone | 4.0.3 | 4.0.3.x |
plone / plone | 4.2.3 | 4.2.3.x |
plone / plone | 4.3 | 4.3.x |
plone / plone | 4.2.2 | 4.2.2.x |
plone / plone | 4.2.5 | 4.2.5.x |
plone / plone | 4.3.1 | 4.3.1.x |
plone / plone | 4.2.4 | 4.2.4.x |
plone / plone | 4.2 | 4.2.x |
plone / plone | 4.2.1 | 4.2.1.x |
![]() |
- | 4.1.1 |
![]() |
4.2.0 | 4.2.6 |
![]() |
4.3.0 | 4.3.2 |