Safety vulnerability ID: 35684
The information on this page was manually curated by our Cybersecurity Intelligence Team.
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms
Latest version: 6.1.1
The Plone Content Management System
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
BUGTRAQ:20161012 Multiple Vulnerabilities in Plone CMS: http://www.securityfocus.com/archive/1/archive/1/539572/100/0/threaded
FULLDISC:20161019 Multiple Vulnerabilities in Plone CMS: http://seclists.org/fulldisclosure/2016/Oct/80
MLIST:[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities: http://www.openwall.com/lists/oss-security/2016/09/05/4
MLIST:[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities: http://www.openwall.com/lists/oss-security/2016/09/05/5
MISC:http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html: http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
CONFIRM:https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms
BID:92752: http://www.securityfocus.com/bid/92752
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application