PT-2017-9091 · Plone Foundation+1 · Plone Cms+1
Sebastian Perez
·
Published
2017-03-07
·
Updated
2022-05-14
·
CVE-2016-7140
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Plone CMS versions 3.3.x through 3.3.6
Plone CMS versions 4.x through 4.3.11
Plone CMS versions 5.x through 5.0.6
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Recommendations
For Plone CMS versions 3.3.x through 3.3.6, update to a version later than 3.3.6 to resolve the issue.
For Plone CMS versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue.
For Plone CMS versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Plone Cms
Zope2