Description

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2016-7140

Related Vulnerabilities

WordPress Plugin Automated Registration of the Course Multiple Cross-Site Scripting Vulnerabilities (1.0)

WordPress Plugin WP Dev Powers:ACF Color Coded Field Types Security Bypass (1.0)

WordPress Plugin HTML5 Video Player-Best WordPress Video Player and Block SQL Injection (2.5.24)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9639)

WordPress Plugin WordPress Landing Pages Cross-Site Scripting (1.8.5)

Severity

Medium

Classification

CVE-2016-7140 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities