Description
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Dropdown and scrollable Text Cross-Site Scripting (2.0)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-9863)
Ruby on Rails Improper Input Validation Vulnerability (CVE-2008-7248)
PrestaShop Files or Directories Accessible to External Parties Vulnerability (CVE-2020-5250)
WordPress Plugin Gallery Plugin for WordPress-Envira Photo Gallery Cross-Site Scripting (1.8.3.2)