Lucene search
GoogleOSV:PYSEC-2017-63HistoryMar 07, 2017 - 4:59 p.m.
PYSEC-2017-63
2017-03-0716:59:00
Google
osv.dev
6
0.002 Low
EPSS
Percentile
64.9%
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
seclists.org/fulldisclosure/2016/Oct/80
www.openwall.com/lists/oss-security/2016/09/05/4
www.openwall.com/lists/oss-security/2016/09/05/5
www.securityfocus.com/archive/1/539572/100/0/threaded
www.securityfocus.com/bid/92752
plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2
Related
cvelist
cvelist
CVE-2016-7140
2017-03-07 16:00:00
CVE-2016-7147
2017-02-04 05:20:00
cve
cve
CVE-2016-7140
2017-03-07 16:59:01
CVE-2016-7147
2017-02-04 05:59:00
nvd
nvd
CVE-2016-7140
2017-03-07 16:59:01
CVE-2016-7147
2017-02-04 05:59:00
osv
osv
CVE-2016-7140
2017-03-07 16:59:01
Plone XSS in Zope ZMI
2022-05-17 03:00:45
PYSEC-2017-64
2017-02-04 05:59:00
prion
prion
Cross site scripting
2017-03-07 16:59:00
Cross site scripting
2017-02-04 05:59:00
redhatcve
redhatcve
CVE-2016-7140
2016-09-06 11:18:54
github
github
Plone vulnerable to Cross-site Scripting
2022-05-14 02:45:58
Plone XSS in Zope ZMI
2022-05-17 03:00:45
ubuntucve
ubuntucve
CVE-2016-7147
2017-02-04 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-01-18 07:17:41
packetstorm
packetstorm
Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection
2016-10-12 00:00:00
openvas
openvas
Plone CMS < 4.3.12, 5.x < 5.0.7 Multiple Vulnerabilities
2016-10-31 00:00:00
nessus
nessus
RHEL 5 : conga (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 5 : plone (Unpatched Vulnerability)
2024-05-11 00:00:00