ByteOS Network

Vulnerability Details :

CVE-2016-7139

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-07 Mar, 2017 | 16:00

Updated At-06 Aug, 2024 | 01:50

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:07 Mar, 2017 | 16:00

Updated At:06 Aug, 2024 | 01:50

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone	x_refsource_CONFIRM
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html	x_refsource_MISC
http://seclists.org/fulldisclosure/2016/Oct/80	mailing-list x_refsource_FULLDISC
http://www.openwall.com/lists/oss-security/2016/09/05/4	mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/09/05/5	mailing-list x_refsource_MLIST
http://www.securityfocus.com/archive/1/539572/100/0/threaded	mailing-list x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/92752	vdb-entry x_refsource_BID

Hyperlink: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone

Resource:

x_refsource_CONFIRM

Hyperlink: http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

Resource:

x_refsource_MISC

Hyperlink: http://seclists.org/fulldisclosure/2016/Oct/80

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://www.openwall.com/lists/oss-security/2016/09/05/4

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.openwall.com/lists/oss-security/2016/09/05/5

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.securityfocus.com/archive/1/539572/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://www.securityfocus.com/bid/92752

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone	x_refsource_CONFIRM x_transferred
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html	x_refsource_MISC x_transferred
http://seclists.org/fulldisclosure/2016/Oct/80	mailing-list x_refsource_FULLDISC x_transferred
http://www.openwall.com/lists/oss-security/2016/09/05/4	mailing-list x_refsource_MLIST x_transferred
http://www.openwall.com/lists/oss-security/2016/09/05/5	mailing-list x_refsource_MLIST x_transferred
http://www.securityfocus.com/archive/1/539572/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://www.securityfocus.com/bid/92752	vdb-entry x_refsource_BID x_transferred

Hyperlink: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2016/Oct/80

Resource:

mailing-list

x_refsource_FULLDISC

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2016/09/05/4

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2016/09/05/5

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/539572/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://www.securityfocus.com/bid/92752

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:07 Mar, 2017 | 16:59

Updated At:20 Apr, 2025 | 01:37

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	6.1	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

Plone Foundation

>>plone>>3.3

cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*

Plone Foundation

>>plone>>3.3.1

cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*

Plone Foundation

>>plone>>3.3.2

cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*

Plone Foundation

>>plone>>3.3.3

cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*

Plone Foundation

>>plone>>3.3.4

cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*

Plone Foundation

>>plone>>3.3.5

cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*

Plone Foundation

>>plone>>3.3.6

cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.0

cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.0.1

cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.0.2

cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.0.3

cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.0.4

cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.0.5

cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.0.7

cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.0.8

cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.0.9

cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.0.10

cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.1

cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.1.1

cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.1.2

cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.1.3

cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.1.4

cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.1.5

cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.1.6

cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.2

cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.2.1

cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.2.2

cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.2.3

cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.2.4

cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.2.5

cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.2.6

cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.2.7

cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3

cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.1

cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.2

cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.3

cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.4

cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.5

cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.6

cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.7

cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.8

cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.9

cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.10

cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*

Plone Foundation

>>plone>>4.3.11

cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*

Plone Foundation

>>plone>>5.0

cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*

Plone Foundation

>>plone>>5.0

cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*

Plone Foundation

>>plone>>5.0

cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*

Plone Foundation

>>plone>>5.0

cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*

Plone Foundation

>>plone>>5.0

cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*

Plone Foundation

>>plone>>5.0.1

cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html	cve@mitre.org	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2016/Oct/80	cve@mitre.org	Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2016/09/05/4	cve@mitre.org	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/05/5	cve@mitre.org	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/archive/1/539572/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/92752	cve@mitre.org	N/A
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone	cve@mitre.org	Vendor Advisory
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2016/Oct/80	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2016/09/05/4	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/05/5	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/archive/1/539572/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/92752	af854a3a-2127-422b-91ae-364da2661108	N/A
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

VDB Entry

Hyperlink: http://seclists.org/fulldisclosure/2016/Oct/80

Source: cve@mitre.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.openwall.com/lists/oss-security/2016/09/05/4

Source: cve@mitre.org

Resource:

Mailing List

Patch

Third Party Advisory

Hyperlink: http://www.openwall.com/lists/oss-security/2016/09/05/5

Source: cve@mitre.org

Resource:

Mailing List

Patch

Third Party Advisory

Hyperlink: http://www.securityfocus.com/archive/1/539572/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/92752

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html