CVE-2012-5491
Plone Information Disclosure
CVSS 3.1: 5.3 (MEDIUM)
EPSS: 0.32%
Description
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
How to fix CVE-2012-5491
To remediate CVE-2012-5491, upgrade the affected package to one of the fixed versions listed below.
- PyPI/plone—upgrade to 4.2.3 or later
- —upgrade to 4.2.3 or later
Is CVE-2012-5491 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.2.3
- from 0, < 4.2.3; >= 4.3a0, < 4.3b1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |