CVE-2016-7138
Plone XSS
6.1
MEDIUM
CVSS 3.1
EPSS 0.49%
Description
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
How to fix CVE-2016-7138
To remediate CVE-2016-7138, upgrade the affected package to a fixed version below.
- PyPI/plone: no fix listed
- (package name not given on this page): upgrade to 5.0.7 or later
Is CVE-2016-7138 being exploited?
Low. The EPSS score is 0.49%, the model's estimated probability that this CVE is exploited in the wild within the next 30 days. It is a prediction, not a record of observed attacks, and a low score does not rule out targeted use against a specific site; as a reflected XSS it still needs only a victim to follow a crafted link.
Affected packages (2)
- >= 5.0.0, <= 5.0.6
- >= 5.0, < 5.0.7, >= 4.0, < 4.3.12, >= 3.3, < 4.0a1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |