Description

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Remediation

References

CVE-2016-7138

Related Vulnerabilities

Oracle Database Server CVE-2011-0876 Vulnerability (CVE-2011-0876)

WordPress Plugin WP Database Reset Multiple Security Bypass Vulnerabilities (3.1)

MySQL CVE-2017-3529 Vulnerability (CVE-2017-3529)

WordPress Plugin CP Contact Form with PayPal Cross-Site Scripting (1.2.98)

WordPress Plugin Search & Filter Cross-Site Scripting (1.2.15)

Severity

Medium

Classification

CVE-2016-7138 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities