{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html"
},
{
"name": "20161019 Multiple Vulnerabilities in Plone CMS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Oct/80"
},
{
"name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/4"
},
{
"name": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone",
"refsource": "CONFIRM",
"url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone"
},
{
"name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/05/5"
},
{
"name": "20161012 Multiple Vulnerabilities in Plone CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded"
},
{
"name": "92752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92752"
}
]
}
}