11 matches found
EUVD-2017-0097
Malware in sbrugna...
GHSA-84JM-CPC5-C7G7 Plone XSS in Zope ZMI
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
Plone XSS in Zope ZMI
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
Plone Incompletely Fixes Cross-Site Scripting Vulnerability
Plone is the United States Plone Foundation's set of free and open source content management system CMS built on Zope based on Python's open source object-oriented Web application server.Zope ZMI is one of the management interface. A cross-site scripting vulnerability exists in the managefindResu...
CVE-2016-7147
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
CVE-2016-7147
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
PYSEC-2017-64
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
PYSEC-2017-64
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
CVE-2016-7147
CVE-2016-7147 is an XSS in the manage_findResult component of the Zope ZMI search for Plone: Plone 4.x (before 4.3.12) and Plone 5.x (before 5.0.7) are affected. The issue stems from an incomplete fix for CVE-2016-7140 and allows remote attackers to inject arbitrary script/HTML via obj_ids:tokens...
CVE-2016-7147
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...