Description

Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.

Remediation

References

CVE-2013-4189

Related Vulnerabilities

MySQL CVE-2018-3078 Vulnerability (CVE-2018-3078)

ownCloud Other Vulnerability (CVE-2014-2054)

PHP Resource Management Errors Vulnerability (CVE-2011-1148)

WordPress Plugin Interactive SVG Image Map Builder Cross-Site Scripting (1.0)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4562)

Severity

Medium

Classification

CVE-2013-4189

Tags

Missing Update Known Vulnerabilities