Description

typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.

Remediation

References

CVE-2013-4193

Related Vulnerabilities

Oracle JRE CVE-2012-0498 Vulnerability (CVE-2012-0498)

Drupal Other Vulnerability (CVE-2005-3974)

WordPress Plugin Social Media Flying Icons-Floating Social Media Icon Cross-Site Scripting (2.1)

WordPress Plugin Happy Addons for Elementor Cross-Site Scripting (2.23.0)

MySQL CVE-2018-2784 Vulnerability (CVE-2018-2784)

Severity

Medium

Classification

CVE-2013-4193 CWE-264

Tags

Missing Update Known Vulnerabilities