Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html | x_refsource_MISC |
| https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1 | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2016/Oct/80 | mailing-list x_refsource_FULLDISC |
| http://www.openwall.com/lists/oss-security/2016/09/05/4 | mailing-list x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/09/05/5 | mailing-list x_refsource_MLIST |
| http://www.securityfocus.com/archive/1/539572/100/0/threaded | mailing-list x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/92752 | vdb-entry x_refsource_BID |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html | x_refsource_MISC x_transferred |
| https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1 | x_refsource_CONFIRM x_transferred |
| http://seclists.org/fulldisclosure/2016/Oct/80 | mailing-list x_refsource_FULLDISC x_transferred |
| http://www.openwall.com/lists/oss-security/2016/09/05/4 | mailing-list x_refsource_MLIST x_transferred |
| http://www.openwall.com/lists/oss-security/2016/09/05/5 | mailing-list x_refsource_MLIST x_transferred |
| http://www.securityfocus.com/archive/1/539572/100/0/threaded | mailing-list x_refsource_BUGTRAQ x_transferred |
| http://www.securityfocus.com/bid/92752 | vdb-entry x_refsource_BID x_transferred |
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |