Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-7139

Опубликовано: 07 мар. 2017
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*

EPSS

Процентиль: 65%
0.00491
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

redhat логотип

CVE-2016-7139

CVSS3: 5.4
redhat
больше 9 лет назад

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

github логотип

GHSA-pp4c-2692-7f37

CVSS3: 6.1
github
больше 3 лет назад

Plone Cross-site Scripting (XSS) vulnerability

EPSS

Процентиль: 65%
0.00491
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79