CVE-2013-4195
Plone Multiple open redirect vulnerabilities
CVSS 3.1: 4.7 (MEDIUM)
EPSS: 0.29%
Description
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
How to fix CVE-2013-4195
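To remediate CVE-2013-4195, upgrade the affected package to a fixed version below. The affected ranges listed on this page also cover 4.2.x before 4.2.6 and 4.3.x before 4.3.2, so installations on those branches need 4.2.6 or 4.3.2 (or later) respectively.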
- —upgrade to 4.1.1 or later
- —upgrade to 4.1.1 or later
Is CVE-2013-4195 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 2.1, < 4.1.1
- >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM 4.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |