Description

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2016-7140

Related Vulnerabilities

WordPress Plugin Email Artillery (MASS EMAIL) Multiple Vulnerabilities (4.1)

WordPress 0.7 Posts SQL Injection Vulnerability (0.7)

WordPress Plugin WP E-Signature Remote Code Execution (1.5.6.5)

MediaWiki Other Vulnerability (CVE-2012-5395)

osCommerce Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-18572)

Severity

Medium

Classification

CVE-2016-7140 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities