CVE-2024-0669

HIGH7.1EPSS 0.05%

Cross-Frame Scripting vulnerability has been found on Plone CMS

發布日:2024/1/18修改日:2024/2/16

描述

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.

受影響套件(1)

PyPI/plonefrom 0, < 6.0.7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-0669
PATCHhttps://github.com/plone/Plone
WEBhttps://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms