CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2016-7136

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0250%
EPSS Percentile30.26th
Published2017年3月7日
Last Modified2026年5月13日

Vulnerability Description

z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.

Affected Platforms (CPE)

📦
Plone

Plone

= 4.0
📦
Plone

Plone

= 4.0.1
📦
Plone

Plone

= 4.0.2
📦
Plone

Plone

= 4.0.3
📦
Plone

Plone

= 4.0.4
📦
Plone

Plone

= 4.0.5
📦
Plone

Plone

= 4.0.7
📦
Plone

Plone

= 4.0.8
📦
Plone

Plone

= 4.0.9
📦
Plone

Plone

= 4.0.10
📦
Plone

Plone

= 4.1
📦
Plone

Plone

= 4.1.1
📦
Plone

Plone

= 4.1.2
📦
Plone

Plone

= 4.1.3
📦
Plone

Plone

= 4.1.4
📦
Plone

Plone

= 4.1.5
📦
Plone

Plone

= 4.1.6
📦
Plone

Plone

= 4.2
📦
Plone

Plone

= 4.2.1
📦
Plone

Plone

= 4.2.2
📦
Plone

Plone

= 4.2.3
📦
Plone

Plone

= 4.2.4
📦
Plone

Plone

= 4.2.5
📦
Plone

Plone

= 4.2.6
📦
Plone

Plone

= 4.2.7
📦
Plone

Plone

= 4.3
📦
Plone

Plone

= 4.3.1
📦
Plone

Plone

= 4.3.2
📦
Plone

Plone

= 4.3.3
📦
Plone

Plone

= 4.3.4
📦
Plone

Plone

= 4.3.5
📦
Plone

Plone

= 4.3.6
📦
Plone

Plone

= 4.3.7
📦
Plone

Plone

= 4.3.8
📦
Plone

Plone

= 4.3.9
📦
Plone

Plone

= 4.3.10
📦
Plone

Plone

= 4.3.11
📦
Plone

Plone

= 5.0
📦
Plone

Plone

= 5.0
📦
Plone

Plone

= 5.0
📦
Plone

Plone

= 5.0
📦
Plone

Plone

= 5.0
📦
Plone

Plone

= 5.0.1
📦
Plone

Plone

= 5.0.2
📦
Plone

Plone

= 5.0.3
📦
Plone

Plone

= 5.0.4
📦
Plone

Plone

= 5.0.5
📦
Plone

Plone

= 5.0.6
📦
Plone

Plone

= 5.1a1

References & Advisories

🔗 http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
🔗 http://seclists.org/fulldisclosure/2016/Oct/80
🔗 http://www.openwall.com/lists/oss-security/2016/09/05/4
🔗 http://www.openwall.com/lists/oss-security/2016/09/05/5
🔗 http://www.securityfocus.com/archive/1/539572/100/0/threaded
🔗 http://www.securityfocus.com/bid/92752
🔗 https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms
🔗 http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

相關漏洞威脅

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2021-335099.9

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText...

CVE-2020-79419.8

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content wit...

CVE-2020-351909.8

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Syste...