Description
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Instagram-Best Instagram Feeds Cross-Site Scripting (1.0.19)
Question2Answer Improper Input Validation Vulnerability (CVE-2017-12775)
Oracle JRE CVE-2012-1726 Vulnerability (CVE-2012-1726)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7951)