Lucene search
GoogleOSV:GHSA-22JM-P2VV-J2HCHistoryMay 14, 2022 - 2:46 a.m.
Plone XSS
2022-05-1402:46:11
Google
osv.dev
13
plone
xss
z3c.form
cms
remote attackers
cross-site scripting
get request
EPSS
0.003
Percentile
71.8%
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
References
packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
seclists.org/fulldisclosure/2016/Oct/80
www.openwall.com/lists/oss-security/2016/09/05/4
www.openwall.com/lists/oss-security/2016/09/05/5
github.com/plone/Plone
nvd.nist.gov/vuln/detail/CVE-2016-7136
plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms
web.archive.org/web/20210625091607/www.securityfocus.com/bid/92752
web.archive.org/web/20210625092107/www.securityfocus.com/archive/1/539572/100/0/threaded
Related
redhatcve
redhatcve
CVE-2016-7136
2016-09-06 09:48:37
cve
cve
CVE-2016-7136
2017-03-07 16:59:00
osv
osv
CVE-2016-7136
2017-03-07 16:59:00
PYSEC-2017-59
2017-03-07 16:59:00
prion
prion
Cross site scripting
2017-03-07 16:59:00
github
github
Plone XSS
2022-05-14 02:46:11
cvelist
cvelist
CVE-2016-7136
2017-03-07 16:00:00
nvd
nvd
CVE-2016-7136
2017-03-07 16:59:00
packetstorm
packetstorm
Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection
2016-10-12 00:00:00
openvas
openvas
Plone CMS < 4.3.12, 5.x < 5.0.7 Multiple Vulnerabilities
2016-10-31 00:00:00
nessus
nessus
RHEL 5 : conga (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 5 : plone (Unpatched Vulnerability)
2024-05-11 00:00:00