CVE-2016-7140 – plone

Package

Manager: pip
Name: plone
Vulnerable Version: >=5.0a1 <5.0.7 || >=3.3a1 <4.3.12

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00491 pctl0.64623

Details

Plone vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-14T02:45:58Z
Modified: 2024-10-18T21:41:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-chvw-gjxf-f8mc/GHSA-chvw-gjxf-f8mc.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-chvw-gjxf-f8mc
Finding: F425
Auto approve: 1