Description
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
Remediation
References
Related Vulnerabilities
Atlassian Confluence Unauthenticated Remote Code Execution Vulnerability (CVE-2022-26134)
Oracle Database Server CVE-2014-6452 Vulnerability (CVE-2014-6452)
WordPress Plugin Watu Quiz Cross-Site Scripting (3.1.2.5)
WordPress Plugin Allow REL= and HTML in Author Bios Cross-Site Scripting (.1)
WordPress Plugin Live Chat with Facebook Messenger Cross-Site Scripting (1.4.4)