VYPR

Products.isurlinportal

by Plone (software)

pypi: products.isurlinportal

CVEs (2)

  • CVE-2021-32806 | Med | Aug 2, 2021
    risk 0.35 | cvss 6.5 | epss 0.01

    Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a…

  • CVE-2026-28413 | Mar 5, 2026
    risk 0.00 | cvss | epss 0.00

    Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a URL /login?came_from=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0.