CVE-2016-7139
MEDIUM6.1EPSS 0.49%Plone Cross-site Scripting (XSS) vulnerability
發布日:2022/5/14修改日:2024/10/15
描述
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
受影響套件(2)
- PyPI/plone>= 5.0, < 5.0.6
- PyPI/plone>= 5.0, < 5.0.7, >= 4.0, < 4.3.12, >= 3.3, < 4.0a1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
參考連結(12)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-7139
- PATCHhttps://github.com/plone/Plone
- WEBhttp://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
- WEBhttp://seclists.org/fulldisclosure/2016/Oct/80
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-62.yaml
- WEBhttps://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone
- WEBhttps://web.archive.org/web/20201207134910/http://www.securityfocus.com/bid/92752
- WEBhttps://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded
- WEBhttp://www.openwall.com/lists/oss-security/2016/09/05/4
- WEBhttp://www.openwall.com/lists/oss-security/2016/09/05/5
- WEBhttp://www.securityfocus.com/archive/1/539572/100/0/threaded
- WEBhttp://www.securityfocus.com/bid/92752