Description

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

Remediation

References

CVE-2011-0720

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36234)

Nginx Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)

WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7875)

WordPress Plugin Social Login by BestWebSoft Cross-Site Scripting (0.1)

Severity

High

Classification

CVE-2011-0720

Tags

Missing Update Known Vulnerabilities