Description

The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.

Remediation

References

CVE-2013-4194

Related Vulnerabilities

Jboss EAP Improper Handling of Exceptional Conditions Vulnerability (CVE-2018-8039)

Nginx CVE-2011-4963 Vulnerability (CVE-2011-4963)

WordPress Plugin Crelly Slider Arbitrary File Upload (1.3.4)

Jboss EAP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5188)

WordPress Plugin All-in-One WP Migration Cross-Site Scripting (7.62)

Severity

Medium

Classification

CVE-2013-4194 CWE-200

Tags

Missing Update Known Vulnerabilities