Description
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
Remediation
References
Related Vulnerabilities
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-6358)
WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (2.2.6)
Jenkins Improper Input Validation Vulnerability (CVE-2021-21606)
WordPress Plugin Locatoraid Store Locator Cross-Site Request Forgery (3.9.11)