Description

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Remediation

References

CVE-2016-7139

Related Vulnerabilities

Oracle JRE CVE-2023-21835 Vulnerability (CVE-2023-21835)

Squid Use After Free Vulnerability (CVE-2023-49288)

IBM RTC Inadequate Encryption Strength Vulnerability (CVE-2020-4965)

Oracle JRE CVE-2018-2602 Vulnerability (CVE-2018-2602)

Oracle Database Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-0275)

Severity

Medium

Classification

CVE-2016-7139 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities