An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Plone(PyPI) | 4.0 | 4.3.20 | N/A |
| Plone(PyPI) | 5.0rc1 | 5.1.7 | N/A |
| Plone(PyPI) | 5.2.0 | 5.2.2 | N/A |
CVSS Metrics
