Description

z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.

Remediation

References

CVE-2012-5491

Related Vulnerabilities

Serendipity Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-6943)

WordPress Plugin Shariff for WordPress Cross-Site Scripting (1.0.7)

Oracle Application Server Other Vulnerability (CVE-2000-1236)

MySQL CVE-2019-2630 Vulnerability (CVE-2019-2630)

PHP Other Vulnerability (CVE-2006-4484)

Severity

Medium

Classification

CVE-2012-5491 CWE-200

Tags

Missing Update Known Vulnerabilities