Advisories for Pypi/Products.isurlinportal package

2021

URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal

Various parts of Plone use the 'is url in portal' check for security, mostly to decide whether it is safe to redirect to a URL. A URL like https://example.org is not in the portal. But the URL https:example.org, without slashes, tricks our code and is considered to be in the portal. When redirecting, some browsers go to https://example.org, others give an error. Attackers may use this to redirect you …
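
The parsing behaviour behind this advisory, shown as an added example (not the Products.isurlinportal code): Python's `urllib.parse` reads `https:example.org` as scheme `https` with an empty host, so a check that equates "no host" with "relative" accepts it. `PORTAL_URL`, both function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

PORTAL_URL = "https://portal.example.com/site"  # constructed sample portal root


def _inside(parts, portal):
    """True if parts has the portal's scheme and host and a path under its root."""
    return (parts.scheme, parts.netloc) == (portal.scheme, portal.netloc) and (
        parts.path == portal.path or parts.path.startswith(portal.path + "/")
    )


def naive_is_in_portal(url, portal_url=PORTAL_URL):
    """Simplified flawed check: a URL with no host is assumed to be relative."""
    parts = urlsplit(url)
    if not parts.netloc:
        return True  # "https:example.org" lands here: scheme set, host empty
    return _inside(parts, urlsplit(portal_url))


def strict_is_in_portal(url, portal_url=PORTAL_URL):
    """Hardened variant: a scheme without a host is never treated as local."""
    parts = urlsplit(url)
    if parts.scheme and not parts.netloc:
        # Reject before resolving: urljoin() would treat "https:example.org"
        # as relative to an https base, while a browser may leave the site.
        return False
    # Resolve relative references against the portal root, then compare.
    target = urlsplit(urljoin(portal_url + "/", url))
    return _inside(target, urlsplit(portal_url))


def compare(urls):
    """Return {url: (naive_result, strict_result)} for side-by-side review."""
    return {u: (naive_is_in_portal(u), strict_is_in_portal(u)) for u in urls}


if __name__ == "__main__":
    samples = [  # constructed inputs
        "https://portal.example.com/site/news",
        "login_form",
        "https://example.org",
        "https:example.org",
        "//example.org/x",
    ]
    for url, (naive, strict) in compare(samples).items():
        print(f"{url!r:45} naive={naive!s:5} strict={strict}")
```

Only the slashless `https:example.org` row differs between the two columns, which is the case the advisory describes.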