Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS12M2hwLWY4cXItY2YzcM4AAV9r

Plone XSS

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Permalink: https://github.com/advisories/GHSA-v3hp-f8qr-cf3p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12M2hwLWY4cXItY2YzcM4AAV9r
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 month ago

CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-v3hp-f8qr-cf3p, CVE-2016-7138
References:

• https://nvd.nist.gov/vuln/detail/CVE-2016-7138
• https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1
• http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
• http://seclists.org/fulldisclosure/2016/Oct/80
• http://www.openwall.com/lists/oss-security/2016/09/05/4
• http://www.openwall.com/lists/oss-security/2016/09/05/5
• https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
• https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
• https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-61.yaml
• http://www.securityfocus.com/archive/1/539572/100/0/threaded
• http://www.securityfocus.com/bid/92752
• https://github.com/advisories/GHSA-v3hp-f8qr-cf3p

Blast Radius: 5.2

Affected Packages