Non-Persistent XSS in Zope2

Summary:

Non-Persistent XSS in Zope2

Vulnerability type:
XSS
Details:
In multiple places, Zope2's ZMI pages do not properly escape user input.
Current status:
Patched
Date reported:
Jul 18, 2016
Date patched:
Aug 30, 2016
Reported by:
Sebastian Perez
Fixed by:
Plone Security Team
Coordinated by:
Plone Security Team
CVE Identifier:
CVE-2016-7140
Affected Plone versions:
5.1a1, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0, 5.0rc3, 5.0rc2, 5.0rc1, 4.3.11, 4.3.10, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.3, 4.2.7, 4.2.6, 4.2.5, 4.2.4, 4.2.3, 4.2.2, 4.2.1, 4.2, 4.1.6, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1, 4.0.10, 4.0.9, 4.0.8, 4.0.7, 4.0.5, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0, 3.3.6, 3.3.5, 3.3.4, 3.3.3, 3.3.2, 3.3.1, 3.3

CVSS Scoring

Access Vector:
Network
Access Complexity:
Medium
Authentication:
Multiple
Confidentiality Impact:
Partial
Integrity Impact:
Partial
Availability Impact:
None