PT-2017-9090 · Plone · Plone Cms
Sebastian Perez
·
Published
2017-03-07
·
Updated
2022-05-14
·
CVE-2016-7139
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Plone CMS versions 3.3.x through 3.3.6
Plone CMS versions 4.x through 4.3.11
Plone CMS versions 5.x through 5.0.6
Description
The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML. The estimated number of potentially affected devices and details about real-world incidents are not specified.
Recommendations
For Plone CMS versions 3.3.x through 3.3.6, update to a version later than 3.3.6 to resolve the issue.
For Plone CMS versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue.
For Plone CMS versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Plone Cms