First published: Thu Jan 23 2020
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Plone | >=4.0.0 <=5.2.1 | |
CVE-2020-7936 is a vulnerability in Plone 4.0 through 5.2.1 that allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
The severity of CVE-2020-7936 is medium with a CVSS score of 6.1.
Plone 4.0 through 5.2.1 are affected by CVE-2020-7936.
To fix the CVE-2020-7936 vulnerability, upgrade Plone to version 5.2.2, 5.1.7, or 4.3.20 depending on the affected version.
You can find more information about CVE-2020-7936 on the National Vulnerability Database (NVD) and the Plone website.