Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-7140

Опубликовано: 07 мар. 2017
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*

EPSS

Процентиль: 65%
0.00491
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

redhat логотип

CVE-2016-7140

CVSS3: 5.4
redhat
больше 9 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

github логотип

GHSA-chvw-gjxf-f8mc

CVSS3: 6.1
github
больше 3 лет назад

Plone vulnerable to Cross-site Scripting

EPSS

Процентиль: 65%
0.00491
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79