Main Vulnerability Database Vulnerabilities #VU41937

Input validation error in Plone - CVE-2013-4195

Published: March 11, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41937

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-4195

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Plone

Affected software:
Plone

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

How to mitigate CVE-2013-4195

Install update from vendor's website.

Sources

http://plone.org/products/plone/security/advisories/20130618-announcement
http://plone.org/products/plone-hotfix/releases/20130618
http://seclists.org/oss-sec/2013/q3/261
https://bugzilla.redhat.com/show_bug.cgi?id=978471

Input validation error in Plone - CVE-2013-4195

Detailed vulnerability description

How to mitigate CVE-2013-4195

Sources

Please verify you're human