CVE-2013-4200

Published: 21/01/2014 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 585
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 up to and including 4.1, 4.2.x up to and including 4.2.5, and 4.3.x up to and including 4.3.1 treats URLs starting with a space as a relative URL, which allows remote malicious users to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.
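Added illustration, not Plone's code and not part of this record: a simplified reconstruction of the flawed "is this URL inside the portal?" check described above, beside a hardened version. PORTAL_HOST and the allow-list are constructed placeholders, and the hardened version also rejects scheme-relative "//host" URLs, which goes beyond the leading-space case the summary describes.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholders, not Plone's real configuration: the portal's
# own host and the allow_external_login_sites property.
PORTAL_HOST = "portal.example"
ALLOW_EXTERNAL_LOGIN_SITES = {"sso.example"}

# A URL counts as absolute only if it *begins* with a scheme such as "http:".
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")
# Space plus the C0 control characters (0x00-0x20).
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def host_allowed(url: str) -> bool:
    """True if the URL's host is the portal itself or an allow-listed site."""
    host = (urlsplit(url).hostname or "").lower()
    return host == PORTAL_HOST or host in ALLOW_EXTERNAL_LOGIN_SITES


def is_url_in_portal_flawed(url: str) -> bool:
    """Simplified reconstruction of the weakness the CVE describes
    (not Plone's actual code): anything that does not start with a
    scheme is assumed to be a relative, in-portal URL.  The anchored
    regex never matches ' http://evil.example/', so a leading space
    turns an external redirect into an accepted "relative" one."""
    if not SCHEME_RE.match(url):
        return True
    return host_allowed(url)


def is_url_in_portal_fixed(url: str) -> bool:
    """Hardened check: normalise first, classify second.  Leading and
    trailing space/control characters are stripped (browsers ignore
    them too), scheme-relative '//host' is rejected outright, and
    only then is the host compared against the allow-list."""
    cleaned = url.strip(C0_AND_SPACE)
    if cleaned.startswith("//"):
        return False         # '//evil.example/' resolves to another origin
    if not SCHEME_RE.match(cleaned):
        return True          # a genuine path such as '/logged_in'
    return host_allowed(cleaned)
```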

Vulnerable Products (vendor product version)

plone plone 3.3
plone plone 4.0.5
plone plone 3.0.1
plone plone 3.0
plone plone 3.2.3
plone plone 3.1.4
plone plone 3.1.5.1
plone plone 2.1.4
plone plone 4.0.2
plone plone 3.3.5
plone plone 3.0.6
plone plone 3.2
plone plone 3.1.1
plone plone 2.1.1
plone plone 3.3.4
plone plone 3.3.2
plone plone 4.0.4
plone plone 3.1.7
plone plone 4.1
plone plone 3.2.2
plone plone 2.1.2
plone plone 3.0.3
plone plone 3.3.1
plone plone 3.0.4
plone plone 3.1.2
plone plone 3.2.1
plone plone 4.0
plone plone 3.0.5
plone plone 4.0.6.1
plone plone 4.0.1
plone plone 3.0.2
plone plone 2.1
plone plone 3.1
plone plone 3.3.3
plone plone 2.1.3
plone plone 3.1.6
plone plone 3.1.3
plone plone 4.0.3
plone plone 4.2.3
plone plone 4.3
plone plone 4.2.2
plone plone 4.2.5
plone plone 4.3.1
plone plone 4.2.4
plone plone 4.2
plone plone 4.2.1

Exploits

source: www.securityfocus.com/bid/61964/info. Plone is prone to a session-hijacking vulnerability. An attacker can exploit this issue to hijack user sessions and gain unauthorized access to the affected application. Note: This issue was previously discussed in BID 61544 (Plone Multiple Remote Security Vulnerabilities), but has been mov ...
Plone CMS suffers from a URL redirection credential disclosure vulnerability ...