6.1

CVE-2016-7136

Exploit
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PlonePlone Version4.0
PlonePlone Version4.0.1
PlonePlone Version4.0.2
PlonePlone Version4.0.3
PlonePlone Version4.0.4
PlonePlone Version4.0.5
PlonePlone Version4.0.7
PlonePlone Version4.0.8
PlonePlone Version4.0.9
PlonePlone Version4.0.10
PlonePlone Version4.1
PlonePlone Version4.1.1
PlonePlone Version4.1.2
PlonePlone Version4.1.3
PlonePlone Version4.1.4
PlonePlone Version4.1.5
PlonePlone Version4.1.6
PlonePlone Version4.2
PlonePlone Version4.2.1
PlonePlone Version4.2.2
PlonePlone Version4.2.3
PlonePlone Version4.2.4
PlonePlone Version4.2.5
PlonePlone Version4.2.6
PlonePlone Version4.2.7
PlonePlone Version4.3
PlonePlone Version4.3.1
PlonePlone Version4.3.2
PlonePlone Version4.3.3
PlonePlone Version4.3.4
PlonePlone Version4.3.5
PlonePlone Version4.3.6
PlonePlone Version4.3.7
PlonePlone Version4.3.8
PlonePlone Version4.3.9
PlonePlone Version4.3.10
PlonePlone Version4.3.11
PlonePlone Version5.0
PlonePlone Version5.0 Updatea1
PlonePlone Version5.0 Updaterc1
PlonePlone Version5.0 Updaterc2
PlonePlone Version5.0 Updaterc3
PlonePlone Version5.0.1
PlonePlone Version5.0.2
PlonePlone Version5.0.3
PlonePlone Version5.0.4
PlonePlone Version5.0.5
PlonePlone Version5.0.6
PlonePlone Version5.1a1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.58% 0.723
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
Third Party Advisory
Exploit
VDB Entry
http://seclists.org/fulldisclosure/2016/Oct/80
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2016/09/05/4
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/09/05/5
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/archive/1/539572/100/0/threaded
http://www.securityfocus.com/bid/92752
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms
Vendor Advisory