CVE-2015-7293

🗓️ 25 Sep 2017 21:00:00Reported by certccType

cve

cve🔗 web.nvd.nist.gov👁 46 Views🌐 WEB

Multiple CSRF vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2015-7293	2 May 202423:17	–	circl
CNVD	Zope Management Interface and Plone Cross-Site Request Forgery Vulnerabilities	12 Oct 201700:00	–	cnvd
Cvelist	CVE-2015-7293	25 Sep 201721:00	–	cvelist
EUVD	EUVD-2017-0084	7 Oct 202500:30	–	euvd
Github Security Blog	Plone vulnerable to cross-site request forgery	17 May 202200:34	–	github
NVD	CVE-2015-7293	25 Sep 201721:29	–	nvd
OSV	GHSA-P3QM-44CF-F8QX Plone vulnerable to cross-site request forgery	17 May 202200:34	–	osv
OSV	PYSEC-2017-51	25 Sep 201721:29	–	osv
Packet Storm	Zope Management Interface 4.3.7 Cross Site Request Forgery	7 Oct 201500:00	–	packetstorm
Prion	Cross site request forgery (csrf)	25 Sep 201721:29	–	prion

NVD

Node

plone ploneMatch3.3

OR

plone ploneMatch3.3.1

OR

plone ploneMatch3.3.2

OR

plone ploneMatch3.3.3

OR

plone ploneMatch3.3.4

OR

plone ploneMatch3.3.5

OR

plone ploneMatch3.3.6

OR

plone ploneMatch4.0

OR

plone ploneMatch4.0.1

OR

plone ploneMatch4.0.2

OR

plone ploneMatch4.0.3

OR

plone ploneMatch4.0.4

OR

plone ploneMatch4.0.5

OR

plone ploneMatch4.0.7

OR

plone ploneMatch4.0.8

OR

plone ploneMatch4.0.9

OR

plone ploneMatch4.0.10

OR

plone ploneMatch4.1

OR

plone ploneMatch4.1.1

OR

plone ploneMatch4.1.2

OR

plone ploneMatch4.1.3

OR

plone ploneMatch4.1.4

OR

plone ploneMatch4.1.5

OR

plone ploneMatch4.1.6

OR

plone ploneMatch4.2

OR

plone ploneMatch4.2.1

OR

plone ploneMatch4.2.2

OR

plone ploneMatch4.2.3

OR

plone ploneMatch4.2.4

OR

plone ploneMatch4.2.5

OR

plone ploneMatch4.2.6

OR

plone ploneMatch4.2.7

OR

plone ploneMatch4.3

OR

plone ploneMatch4.3.1

OR

plone ploneMatch4.3.2

OR

plone ploneMatch4.3.3

OR

plone ploneMatch4.3.4

OR

plone ploneMatch4.3.5

OR

plone ploneMatch4.3.6

OR

plone ploneMatch4.3.7

OR

plone ploneMatch4.3.8

OR

plone ploneMatch4.3.9

OR

plone ploneMatch4.3.10

OR

plone ploneMatch4.3.11

OR

plone ploneMatch4.3.12

OR

plone ploneMatch4.3.14

Node

zope zope_management_interfaceRange≤4.3.7

Source	Link
exploit-db	www.exploit-db.com/exploits/38411/
packetstormsecurity	www.packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html
pypi	www.pypi.python.org/pypi/plone4.csrffixes
plone	www.plone.org/security/hotfix/20151006

Parameter	Position	Path	Description	CWE
title	request body	Plone/Members/portal_factory/Link/link.2015-08-30.6666666666/atct_edit	CSRF exploit via POST to Plone/Zope endpoint to create or modify content (atct_edit) using forged requests.	CWE-352
remoteUrl	request body	Plone/Members/portal_factory/Link/link.2015-08-30.6666666666/atct_edit	CSRF exploit via POST to Plone/Zope endpoint to create or modify content (atct_edit) using forged requests.	CWE-352
fieldset	request body	Plone/Members/portal_factory/Link/link.2015-08-30.6666666666/atct_edit	CSRF exploit via POST to Plone/Zope endpoint to create or modify content (atct_edit) using forged requests.	CWE-352
form.submitted	request body	Plone/Members/portal_factory/Link/link.2015-08-30.6666666666/atct_edit	CSRF exploit via POST to Plone/Zope endpoint to create or modify content (atct_edit) using forged requests.	CWE-352
title:UTF-8:string	request body	/	CSRF exploit that triggers Persistent XSS by submitting crafted title to Zope/Plone via POST.	CWE-352
manage_editProperties:method	request body	/	CSRF exploit that triggers Persistent XSS by submitting crafted title to Zope/Plone via POST.	CWE-352

13 May 2026 00:24Current

8.9High risk

Vulners AI Score8.9

CVSS 26.8

CVSS 38.8

EPSS0.00332

cve-2015-7293 csrf zope management interface plone nvd