products-isurlinportal
PyPI2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting products-isurlinportalpage 1 of 1
- CVE-2021-32806MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.2.02021-08-02
vulnerable: 1.0.0, 1.1.0, 1.1.1
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly …
- CVE-2026-28413MEDIUMCVSS 5.3EG 5.3✓ Fixed in 3.1.02026-03-02
vulnerable: 1.0.0 ... 3.0.1 (11 versions)
Products.isurlinportal has possible open redirect when using more than 2 forward slashes ### Impact A url `/login?came_from=////evil.example` may redirect to an external website after login. Standard Plone is not affected, but if you hav…
Check whether products-isurlinportal is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for products-isurlinportal CVEs against the assets you own.
Start Free Scan →