Description
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
Remediation
References
Related Vulnerabilities
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8707)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.18)
WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.6.3)
WordPress Plugin WooCommerce PDF Vouchers-Ultimate Gift Cards Security Bypass (4.9.3)