6 matches found
Plone 5.0.5 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Plone 5.0.5 Fixed in: Hotfix 20170117 Fixed Version Link: https://plone.org/security/hotfix/20170117 Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/05/2016...
CVE-2016-7147
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
CVE-2016-7147
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
CVE-2016-7147
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
CVE-2016-7147
CVE-2016-7147 is an XSS in the manage_findResult component of the Zope ZMI search for Plone: Plone 4.x (before 4.3.12) and Plone 5.x (before 5.0.7) are affected. The issue stems from an incomplete fix for CVE-2016-7140 and allows remote attackers to inject arbitrary script/HTML via obj_ids:tokens...
CVE-2016-7147
Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...