VYPR

PyPI package

products.isurlinportal

pkg:pypi/products.isurlinportal

Vulnerabilities (2)

  • CVE-2026-28413 (Mar 5, 2026)
    affected >= 4.0.0a1, < 4.0.0; fixed 4.0.0

    Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, the URL /login?came_from=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0.

  • CVE-2021-32806 (Aug 2, 2021)
    affected < 1.2.0; fixed 1.2.0

    Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is URL in portal' check for security, mostly to see if it is safe to redirect to a URL