CVE-2016-7138
MEDIUM 6.1 | EPSS 0.49% | Plone XSS
Published: 2022/5/14 | Modified: 2024/10/18
Description
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Affected packages (2)
- PyPI/plone: >= 5.0.0, <= 5.0.6
- PyPI/plone: >= 5.0, < 5.0.7; >= 4.0, < 4.3.12; >= 3.3, < 4.0a1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (12)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2016-7138
- PATCH: https://github.com/plone/Plone
- WEB: http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
- WEB: http://seclists.org/fulldisclosure/2016/Oct/80
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-61.yaml
- WEB: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1
- WEB: https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
- WEB: https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
- WEB: http://www.openwall.com/lists/oss-security/2016/09/05/4
- WEB: http://www.openwall.com/lists/oss-security/2016/09/05/5
- WEB: http://www.securityfocus.com/archive/1/539572/100/0/threaded
- WEB: http://www.securityfocus.com/bid/92752