Cross-site Scripting (XSS)

2017-01-1807:17:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.002

Percentile

64.8%

JSON

plone is vulnerable to cross-site scripting (XSS). It is possible to perform a reflected XSS via the ZMI (manage_findResult). This vulnerability exists because of an incomplete fix for CVE-2016-7140.

References

plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2

www.curesec.com/blog/article/blog/Plone-XSS-186.html

EPSS

0.002

Percentile

64.8%

JSON

Related for VERACODE:3309