Description

The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.

Remediation

References

CVE-2013-4194

Related Vulnerabilities

WordPress Plugin WP Symposium Toolbar Unspecified Vulnerability (0.26.0)

Oracle Database Server CVE-2007-2110 Vulnerability (CVE-2007-2110)

WordPress Plugin YITH WooCommerce Product Add-Ons Security Bypass (1.5.21)

Jboss EAP Improper Input Validation Vulnerability (CVE-2013-2185)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0997)

Severity

Medium

Classification

CVE-2013-4194 CWE-200

Tags

Missing Update Known Vulnerabilities