Description

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Remediation

References

CVE-2016-7139

Related Vulnerabilities

PHP Resource Management Errors Vulnerability (CVE-2006-1549)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19993)

WordPress Plugin ShopLentor-WooCommerce Builder for Elementor & Gutenberg +10 Modules-All in One Solution (formerly WooLentor) Multiple Vulnerabilities (2.5.3)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1023)

WordPress Plugin VO Store Locator-WP Store Locator Unspecified Vulnerability (3.2.14)

Severity

Medium

Classification

CVE-2016-7139 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities