CVE-2024-0669

Name of the Vulnerable Software and Affected Versions Plone CMS versions prior to 6.0.5

Description A Cross-Frame Scripting issue has been found in Plone CMS. This issue allows an attacker to store a malicious URL that can be opened by an administrator, potentially leading to the execution of a malicious iframe element.

Recommendations For versions prior to 6.0.5, update to version 6.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to areas where malicious URLs can be stored and executed, to minimize the risk of exploitation.