CVE-2016-7137
- Source
- https://cve.org/CVERecord?id=CVE-2016-7137
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7137.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-7137
- Aliases
- Published
- 2017-03-07T16:59:00.960Z
- Modified
- 2026-04-10T03:53:05.182257Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) camefrom parameter to /loginform.
- References
-
- http://www.securityfocus.com/archive/1/539572/100/0/threaded
- http://www.securityfocus.com/bid/92752
- http://seclists.org/fulldisclosure/2016/Oct/80
- https://plone.org/security/hotfix/20160830/open-redirection-in-plone
- http://www.openwall.com/lists/oss-security/2016/09/05/4
- http://www.openwall.com/lists/oss-security/2016/09/05/5
- http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
Affected packages
Git / github.com/plone/plone
Affected ranges
- Type
- GIT
- Repo
- https://github.com/plone/plone
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "3.3" }, { "introduced": "0" }, { "last_affected": "3.3.1" }, { "introduced": "0" }, { "last_affected": "3.3.2" }, { "introduced": "0" }, { "last_affected": "3.3.3" }, { "introduced": "0" }, { "last_affected": "3.3.4" }, { "introduced": "0" }, { "last_affected": "3.3.5" }, { "introduced": "0" }, { "last_affected": "3.3.6" }, { "introduced": "0" }, { "last_affected": "4.0" }, { "introduced": "0" }, { "last_affected": "4.0.1" }, { "introduced": "0" }, { "last_affected": "4.0.2" }, { "introduced": "0" }, { "last_affected": "4.0.3" }, { "introduced": "0" }, { "last_affected": "4.0.4" }, { "introduced": "0" }, { "last_affected": "4.0.5" }, { "introduced": "0" }, { "last_affected": "4.0.7" }, { "introduced": "0" }, { "last_affected": "4.0.8" }, { "introduced": "0" }, { "last_affected": "4.0.9" }, { "introduced": "0" }, { "last_affected": "4.0.10" }, { "introduced": "0" }, { "last_affected": "4.1" }, { "introduced": "0" }, { "last_affected": "4.1.1" }, { "introduced": "0" }, { "last_affected": "4.1.2" }, { "introduced": "0" }, { "last_affected": "4.1.3" }, { "introduced": "0" }, { "last_affected": "4.1.4" }, { "introduced": "0" }, { "last_affected": "4.1.5" }, { "introduced": "0" }, { "last_affected": "4.1.6" }, { "introduced": "0" }, { "last_affected": "4.2" }, { "introduced": "0" }, { "last_affected": "4.2.1" }, { "introduced": "0" }, { "last_affected": "4.2.2" }, { "introduced": "0" }, { "last_affected": "4.2.3" }, { "introduced": "0" }, { "last_affected": "4.2.4" }, { "introduced": "0" }, { "last_affected": "4.2.5" }, { "introduced": "0" }, { "last_affected": "4.2.6" }, { "introduced": "0" }, { "last_affected": "4.2.7" }, { "introduced": "0" }, { "last_affected": "4.3" }, { "introduced": "0" }, { "last_affected": "4.3.1" }, { "introduced": "0" }, { "last_affected": "4.3.2" }, { "introduced": "0" }, { "last_affected": "4.3.3" }, { "introduced": "0" }, { "last_affected": "4.3.4" }, { "introduced": "0" }, { "last_affected": "4.3.5" }, { "introduced": "0" }, { "last_affected": "4.3.6" }, { "introduced": "0" }, { "last_affected": "4.3.7" }, { "introduced": "0" }, { "last_affected": "4.3.8" }, { "introduced": "0" }, { "last_affected": "4.3.9" }, { "introduced": "0" }, { "last_affected": "4.3.10" }, { "introduced": "0" }, { "last_affected": "4.3.11" }, { "introduced": "0" }, { "last_affected": "5.0" }, { "introduced": "0" }, { "last_affected": "5.0-a1" }, { "introduced": "0" }, { "last_affected": "5.0-rc1" }, { "introduced": "0" }, { "last_affected": "5.0-rc2" }, { "introduced": "0" }, { "last_affected": "5.0-rc3" }, { "introduced": "0" }, { "last_affected": "5.0.1" }, { "introduced": "0" }, { "last_affected": "5.0.2" }, { "introduced": "0" }, { "last_affected": "5.0.3" }, { "introduced": "0" }, { "last_affected": "5.0.4" }, { "introduced": "0" }, { "last_affected": "5.0.5" }, { "introduced": "0" }, { "last_affected": "5.0.6" }, { "introduced": "0" }, { "last_affected": "5.1a1" } ] }
Affected versions
3.*
3.3
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3b1
3.3rc5
4.*
4.0
4.0.1
4.0.10
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc1
4.1rc2
4.1rc3
4.2
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.3
4.3.1
4.3.10
4.3.11
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3a1
4.3a2
4.3b1
4.3b2
5.*
5.0
5.0.1
5.0.2
5.0.4
5.0.5
5.0.6
5.0a2
5.0a3
5.0b1
5.0b2
5.0b3
5.0b4
5.0rc1
5.0rc2
5.0rc3
5.1a1
5.1a2
5.1b1