CVE-2013-4192 – plone
Package
Manager: pip
Name: plone
Vulnerable Version: >=2.1 <4.1.1 || >=4.2 <4.2.6 || >=4.3 <4.3.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00218 (percentile 0.44399)
Details
Plone is vulnerable to email spoofing: sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
Metadata
Created: 2022-05-17T04:49:45Z
Modified: 2024-10-15T17:22:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f5h9-3hpf-9j8m/GHSA-f5h9-3hpf-9j8m.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-f5h9-3hpf-9j8m
Finding: F184
Auto approve: 1