Description

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2016-7140

Related Vulnerabilities

WordPress Plugin Google Analytics by BestWebSoft Cross-Site Scripting (1.7.0)

WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0)

Apache Traffic Server Improper Access Control Vulnerability (CVE-2014-3624)

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23)

WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Request Forgery (5.3.6)

Severity

Medium

Classification

CVE-2016-7140 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities