Description

Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.

Remediation

References

CVE-2013-4189

Related Vulnerabilities

Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28736)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8669)

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.1)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)

silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4958)

Severity

Medium

Classification

CVE-2013-4189

Tags

Missing Update Known Vulnerabilities