Vulnerability Description
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Plone | Plone | 3.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-TraversalExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Oct/80Third Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2016/09/05/4Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/09/05/5Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/archive/1/539572/100/0/threaded
- http://www.securityfocus.com/bid/92752
- https://plone.org/security/hotfix/20160830/non-persistent-xss-in-ploneVendor Advisory
- http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-TraversalExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Oct/80Third Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2016/09/05/4Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/09/05/5Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/archive/1/539572/100/0/threaded
- http://www.securityfocus.com/bid/92752
- https://plone.org/security/hotfix/20160830/non-persistent-xss-in-ploneVendor Advisory
FAQ
What is CVE-2016-7139?
CVE-2016-7139 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web scr...
How severe is CVE-2016-7139?
CVE-2016-7139 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7139?
Check the references section above for vendor advisories and patch information. Affected products include: Plone Plone.