Plone isURLInPortal 4.0.0 Alpha 1 for Plone
Approved changes feed: RSS · Atom
cpe:2.3:a:plone:isurlinportal:4.0.0:alpha1:*:*:*:plone:*:*
part: a version: 4.0.0 update: alpha1
| Vendor | Plone (20065100-5fec-5b5e-bb46-a6d4673848e0) |
|---|---|
| Product | Isurlinportal (c18b68c4-7d41-5f81-9dcd-f18fa45a7812) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | plone |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/plone/products.isurlinportal |
purl2cpe | 2026-06-01 10:16:04.143289 |
pkg:pypi/products.isurlinportal |
purl2cpe | 2026-06-01 10:16:04.143290 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-28413 |
vulnerable | 2026-06-03 15:18:08.394231 |
Products.isurlinportal: Possible open redirect when using more than 2 forward slashes
MEDIUM (5.3)
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?came_from=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0.
Published: 2026-03-05T20:16:10.098Z
Updated: 2026-03-06T17:03:20.625Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.