CVE-2013-4193 – plone
Package
Manager: pip
Name: plone
Vulnerable Version: >=2.1 <4.1.1 || >=4.2 <4.2.6 || >=4.3 <4.3.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00309 (percentile: 0.53579)
Details
Plone Unrestricted Field Manipulation vulnerability via content edit forms
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.
Metadata
Created: 2022-05-17T04:49:44Z
Modified: 2024-10-17T21:00:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6fgf-x7wg-hp8r/GHSA-6fgf-x7wg-hp8r.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-6fgf-x7wg-hp8r
Finding: F039
Auto approve: 1