CVE-2016-7137

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7137
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7137.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-7137
Aliases
Published
2017-03-07T16:59:00Z
Modified
2025-01-14T06:47:17.038360Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) camefrom parameter to /loginform.

References

Affected packages

Git / github.com/plone/plone

Affected ranges

Type
GIT
Repo
https://github.com/plone/plone
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
006f2dc3068b6d935e30bbea8e4ba41f6acacf33
Last affected
00a67de4ddd27cdec07ed6f4c834131b492e3f91
Last affected
0efd4ab3fdabd8eb64f22328563daae2e1819e4f
Last affected
14f7de1effc24a26a0116caaea0296641f14be94
Last affected
1503c5fa2df3dee711da4ccc6e2cc8a0a65ad6cf
Last affected
16257e3b0027d6f811aceff565aca0879d85be7d
Last affected
1a262281a56953b800bb7cd4d8c574ff46c2d668
Last affected
1ccb8d78a4ddb938981cbe5a855715f2454dcec8
Last affected
1e60ca9217f5038fc7a9ea3b81afcaa1c08f359b
Last affected
204d1e525537a254b16e4151c7229c5bead6df28
Last affected
217e9c10670623e7a06a7bdeca2f80dae73c77d0
Last affected
2183c78b82e1d84deb661043b27356995251de41
Last affected
23d7e1c8a0e0c0bac10e82ce5fcb18a31ad9b069
Last affected
2a627f292e8b06c376b5c7093189b78f778c96b6
Last affected
3bc6cb6b05666aabe770268e34e56bc32ea4a591
Last affected
3e0c78057de5798ed989d0b2ed9dd12ec39978e1
Last affected
3fd1fb166220743e8409af3aa92be8300c5ec940
Last affected
406bbc24630619ad20c86b61f7198da49520a825
Last affected
40fd2b18bd0d733be3d4006ba5e998b11e510d8c
Last affected
42964e94bc07a40a76496e9746fa10b57c21a2d7
Last affected
4708ff915d63bf21a9434d328fcd0b656bc66d94
Last affected
4d260f76643a633d312b81d568ca5bed57e330e0
Last affected
548ce8d5e49774fd3531fc5ed58880c7a741a761
Last affected
5d3edca6781cf97ae971db366f847e01887995e2
Last affected
5f05c642ef0796b15e447793755b1bbd8ce40905
Last affected
5fe576e77155d3a1946699472dc064c66e8facb5
Last affected
6371a276e3775cb11070862a0045b34aa1973b12
Last affected
679129d1d6825506f9e13563b8abf4be3723ed33
Last affected
6c3530a6e8a4cf306e3579f204fd046f145679d7
Last affected
6ffff6a69083367d6d6720444aa067be4899780b
Last affected
7d94a438dde3784322813a399d46c54cd5b864e5
Last affected
829aa2dd9d8f088ebf8f3da49b9e32ba90326135
Last affected
829b1603d106a6674015e8a65a68dc89cda74bf3
Last affected
83b346aef1cd7a5ea851fe5c02af4b94648767c6
Last affected
87d616d0808098b357922960dbec185c219acb13
Last affected
8a6687397896c935b7f2c59b58500fdf234854bb
Last affected
9378e691c0d32d5a6b16550d7a4bbad5792714be
Last affected
9ef97fe1f46b8383ac3c48a9110e4cfccd7f807f
Last affected
ab50347a0aeb2c3d68b6f7faae6a82d0a0e91516
Last affected
ad49b9b055b2a9a0ee40f82f23d85b786335756c
Last affected
b0a5c6ce2148edc9c2055961f64af788d1054fc4
Last affected
b555ce9afef4273221c960fdfc6afa508fa590ad
Last affected
bfad4ef994a9b471fbfb314256df6840f286a032
Last affected
c3d7603485d808537e024883ce401ad504924a5a
Last affected
c4244a4887e0901a1c17b3ee60e1cfbe19ee46c5
Last affected
c6ca3fa925108f7bc2a638c5f7335b6767a743a1
Last affected
c7ca35de26093e40ae01ad0778b960cfde71fb3d
Last affected
ccc8eff38984b0a25a5827aabfdb8ab5e798ce30
Last affected
cdf44d1d0bea8b8d48f896ad7821d37715142ccf
Last affected
d4d2a336b6ec125c60610a22a003502858ac51a5
Last affected
d89e290ebd951a584b7a55bcb4439b0898620288
Last affected
d8f0c3f23d11b3ecf37740b454c8698521eb9ef9
Last affected
e759411203bd0746cd7a1ed396c16b4843342e8c
Last affected
eb76237a4e6587a8249acfe0649c153d9d1df910
Last affected
f3dd0b7fac24438482e4368280a534f868b75f97
Type
GIT
Repo
https://github.com/plone/plone.namedfile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00a16beda46de611ce66233e57db2e2aa8f7e283
Last affected
063e7ac36260329561a8217c46f60252b9bf922a
Last affected
10871862d94dae6e2051ebbca7a9c304bed5eb50
Last affected
18c7758e464f45568ad89b81877d5c8fe8fa1fa4
Last affected
29e22ca1987dcae970b89f39a4479171426bb6bf
Last affected
3b42eb99400431313b4520c2889282578f3a8e9a
Last affected
438a3898a1cb1aeadfa5e905a43d48fbb9c24732
Last affected
49fb6e5b7f97a02402bc12219a9d8e7d04c6e217
Last affected
5d4997222da0a134f49b2f7f3ab993b683ab6210
Last affected
68a55dfe9cc8f65975424d2aa964d6ba38023939
Last affected
723179c83d8473f2cbf806005d5d1d466acf584a
Last affected
a032401cf4e229af4ba216db39602c88699dca13
Last affected
b67f856cd88a6d290332c43f286c59b584eb8082
Last affected
b7787c16ced50a6b71390f7b72fed102c15f17bc
Last affected
bab403f2ad39aa1f6e8a66fa92d2a8a8c7546469
Last affected
bbcbbf9feddfc5958feb8626ba9a66dc9062b759
Last affected
e14e660f2b54924bbfb6dfe0a30c58d44183a2cc
Last affected
eb2b5cd7accb78fb18deb64f6d8e47ed8049082f

Affected versions

1.*

1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0b5
1.0b6
1.0b7
1.0b8

2.*

2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.1.0

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.1.7

4.*

4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.1
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc1
4.1rc2
4.1rc3
4.2.0
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.3
4.3.1
4.3.2
4.3.3
4.3a1
4.3a2
4.3b1
4.3b2

5.*

5.0a2
5.0a3
5.0b1