PT-2017-9091 · Plone Foundation+1 · Plone Cms+1
Sebastian Perez
·
Publicado
2017-03-07
·
Atualizado
2022-05-14
·
CVE-2016-7140
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Plone CMS versions 3.3.x through 3.3.6
Plone CMS versions 4.x through 4.3.11
Plone CMS versions 5.x through 5.0.6
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Recommendations
For Plone CMS versions 3.3.x through 3.3.6, update to a version later than 3.3.6 to resolve the issue.
For Plone CMS versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue.
For Plone CMS versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Plone Cms
Zope2