Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7062)

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.

Remediation

References

Related Vulnerabilities

MyBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10678)

Chamilo Other Vulnerability (CVE-2023-34958)

WordPress Plugin GD Star Rating 'wpfn' Parameter Cross-Site Scripting (1.9.8)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2606)

WordPress Plugin MyThemeShop Theme/Plugin Updater Cross-Site Scripting (1.2.3)

Severity

Medium

Classification

CVE-2013-7062 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities