CVE-2016-7138 – plone

Package

Manager: pip
Name: plone
Vulnerable Version: >=5.0.0 <=5.0.6 || >=4.0.0 <=4.3.11 || >=3.3.0 <=3.3.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00491 pctl0.64623

Details

Plone XSS Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Metadata

Created: 2022-05-14T02:45:59Z
Modified: 2024-10-18T21:40:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v3hp-f8qr-cf3p/GHSA-v3hp-f8qr-cf3p.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-v3hp-f8qr-cf3p
Finding: F008
Auto approve: 1