Description
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Universal Star Rating Unspecified Vulnerability (1.10.3)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3176)
WordPress Plugin Comic Book Management System SQL Injection (2.1.0)
Oracle Database Server CVE-2020-2527 Vulnerability (CVE-2020-2527)
WordPress Improper Input Validation Vulnerability (CVE-2013-5738)