Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4190

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-4190
Last Modified 11 Mar 2014 09:06:20
Published 11 Mar 2014 03:37:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4190

Summary

Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Plone 2.1

  • Plone 2.1.1

  • Plone 2.1.2

  • Plone 2.1.3

  • Plone 2.1.4

  • Plone 2.5

  • Plone 2.5.1

  • Plone 2.5.2

  • Plone 2.5.3

  • Plone 2.5.4

  • Plone 2.5.5

  • Plone 3.0

  • Plone 3.0.1

  • Plone 3.0.2

  • Plone 3.0.3

  • Plone 3.0.4

  • Plone 3.0.5

  • Plone 3.0.6

  • Plone 3.1

  • Plone 3.1.1

  • Plone 3.1.2

  • Plone 3.1.3

  • Plone 3.1.4

  • Plone 3.1.5.1

  • Plone 3.1.6

  • Plone 3.1.7

  • Plone 3.2

  • Plone 3.2.1

  • Plone 3.2.2

  • Plone 3.2.3

  • Plone 3.3

  • Plone 3.3.1

  • Plone 3.3.2

  • Plone 3.3.3

  • Plone 3.3.4

  • Plone 3.3.5

  • Plone 4.0

  • Plone 4.0.1

  • Plone 4.0.2

  • Plone 4.0.3

  • Plone 4.0.4

  • Plone 4.0.5

  • Plone 4.0.6.1

  • Plone 4.1

  • Plone 4.2

  • Plone 4.2.1

  • Plone 4.2.2

  • Plone 4.2.3

  • Plone 4.2.4

  • Plone 4.2.5

  • Plone 4.3

  • Plone 4.3.1


References

CONFIRM - http://plone.org/products/plone-hotfix/releases/20130618

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=978451

MLIST - [oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)

CONFIRM - http://plone.org/products/plone/security/advisories/20130618-announcement


Last Updated: 27 May 2016 11:04:36