Loading
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.
Use CWE-601, Plone vendor hub and Plone product page to widen CVE-2016-7137 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2021-33509, CVE-2021-33926 and CVE-2024-22889 for nearby disclosures in the same product family.