Description

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Remediation

References

CVE-2016-7139

Related Vulnerabilities

WordPress Plugin WordPress Button Plugin MaxButtons Multiple Cross-Site Scripting Vulnerabilities (1.36)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1150)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8152)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-8769)

WordPress Plugin Essential Content Types Security Bypass (1.8.6)

Severity

Medium

Classification

CVE-2016-7139 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities