{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28413", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-27T15:33:57.289Z", "datePublished": "2026-03-05T20:16:10.098Z", "dateUpdated": "2026-03-06T17:03:20.625Z"}, "containers": {"cna": {"title": "Products.isurlinportal: Possible open redirect when using more than 2 forward slashes", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/plone/Products.isurlinportal/security/advisories/GHSA-43gx-6gv6-3jcp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/plone/Products.isurlinportal/security/advisories/GHSA-43gx-6gv6-3jcp"}], "affected": [{"vendor": "plone", "product": "Products.isurlinportal", "versions": [{"version": "< 4.0.0", "status": "affected"}, {"version": "< 3.1.0", "status": "affected"}, {"version": "< 2.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-05T20:16:10.098Z"}, "descriptions": [{"lang": "en", "value": "Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?came_from=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0."}], "source": {"advisory": "GHSA-43gx-6gv6-3jcp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T17:03:13.614912Z", "id": "CVE-2026-28413", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T17:03:20.625Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28413", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-27T15:33:57.289Z", "datePublished": "2026-03-05T20:16:10.098Z", "dateUpdated": "2026-03-06T17:03:20.625Z"}, "containers": {"cna": {"title": "Products.isurlinportal: Possible open redirect when using more than 2 forward slashes", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/plone/Products.isurlinportal/security/advisories/GHSA-43gx-6gv6-3jcp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/plone/Products.isurlinportal/security/advisories/GHSA-43gx-6gv6-3jcp"}], "affected": [{"vendor": "plone", "product": "Products.isurlinportal", "versions": [{"version": "< 4.0.0", "status": "affected"}, {"version": "< 3.1.0", "status": "affected"}, {"version": "< 2.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-05T20:16:10.098Z"}, "descriptions": [{"lang": "en", "value": "Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?came_from=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0."}], "source": {"advisory": "GHSA-43gx-6gv6-3jcp", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28413", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-06T17:03:13.614912Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T17:03:17.005Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plone:isurlinportal:*:*:*:*:*:plone:*:*", "matchCriteriaId": "CB86276A-A2CA-4A1D-A561-337BA47C174E", "versionEndExcluding": "2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:isurlinportal:*:*:*:*:*:plone:*:*", "matchCriteriaId": "E6E0342A-84FD-4EC8-A53B-300EF35929D1", "versionEndExcluding": "3.1.0", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:isurlinportal:4.0.0:alpha1:*:*:*:plone:*:*", "matchCriteriaId": "BE50DFD7-6F25-43CC-BC56-1EE047E39FE2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?came_from=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0."}, {"lang": "es", "value": "Products.isurlinportal es un reemplazo para el m\u00e9todo isURLInPortal en Plone. Antes de las versiones 2.1.0, 3.1.0 y 4.0.0, una URL /login?came_from=////evil.example podr\u00eda redirigir a un sitio web externo despu\u00e9s de iniciar sesi\u00f3n. Este problema ha sido parcheado en las versiones 2.1.0, 3.1.0 y 4.0.0."}], "id": "CVE-2026-28413", "lastModified": "2026-03-17T18:32:49.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-05T21:16:22.023", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/plone/Products.isurlinportal/security/advisories/GHSA-43gx-6gv6-3jcp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.0.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.1.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.1.0)"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 81.0, "source": "matching"}]}, "original": {"product": "Products.isurlinportal", "source": "cna", "vendor": "plone"}, "product": "isurlinportal", "vendor": "plone"}], "analysis": {"en": {"generated_at": "2026-04-18T09:52:58.435583+00:00", "value": {"mitigation_remediation": ["Upgrade Products.isurlinportal to version 2.1.0, 3.1.0, or 4.0.0, whichever applies to your release.", "Validate the 'came_from' parameter so that it does not contain more than two consecutive slashes, preventing the redirect logic from triggering.", "Monitor authentication logs for suspicious redirect patterns to detect any attempts to exploit this vulnerability."], "summary": {"action": "Patch Now", "impact": "Open Redirect"}, "threat_synthesis": {"affected_systems": "Plone\u2019s Products.isurlinportal component, versions prior to 2.1.0, 3.1.0, and 4.0.0, are vulnerable to this issue.", "description_and_impact": "Products.isurlinportal includes a method that can redirect users to external sites when the 'came_from' parameter contains more than two forward slashes. An attacker can craft a URL such as /login?came_from=////evil.example, causing the site to send users to a malicious domain after authentication. This leads to an open\u2011redirect vulnerability, exposing users to phishing or other social\u2011engineering attacks.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, implying no known public exploits at this time. Attackers can target the site remotely by generating a malicious redirect link that includes multiple forward slashes in the 'came_from' parameter. Patching to the fixed versions removes the flaw and eliminates the risk of unwanted redirects for logged\u2011in users."}}}}, "created": "2026-03-06T15:01:04.637055+00:00", "updated": "2026-04-18T10:00:10.332188+00:00", "vendors": ["plone", "plone$PRODUCT$isurlinportal"]}