Description

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Remediation

References

CVE-2016-7138

Related Vulnerabilities

WordPress Plugin Page Visit Counter SQL Injection (4.0.9)

WordPress Plugin RocketTheme RokBox 'jwplayer.swf' Cross-Site Scripting (2.11)

WordPress Plugin WordPress InviteBox for viral Refer-a-Friend Promotions Cross-Site Scripting (1.4.1)

WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.10)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-2644)

Severity

Medium

Classification

CVE-2016-7138 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities