PT-2014-2753 · Plone Foundation · Plone

Publicado

2014-03-11

·

Atualizado

2022-05-17

·

CVE-2013-4190

CVSS v4.0

5.3

Média

VetorAV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions Plone versions 2.1 through 4.1 Plone versions 4.2.x through 4.2.5 Plone versions 4.3.x through 4.3.1
Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors due to multiple cross-site scripting (XSS) vulnerabilities in the spamProtect.py, pts.py, and request.py files.
Recommendations For Plone versions 2.1 through 4.1, update to a version outside of this range to resolve the issue. For Plone versions 4.2.x through 4.2.5, update to a version outside of this range to resolve the issue. For Plone versions 4.3.x through 4.3.1, update to a version outside of this range to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2013-4190
GHSA-89RQ-27XP-VGV7
PYSEC-2014-54

Produtos afetados

Plone