CVE-2016-7138

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7138
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7138.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-7138
Aliases
Published
2017-03-07T16:59:01Z
Modified
2025-04-20T03:23:26.583752Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

References

Affected packages

Git / github.com/plone/plone

Affected ranges

Type
GIT
Repo
https://github.com/plone/plone
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Type
GIT
Repo
https://github.com/plone/plone.namedfile
Events

Affected versions

1.*

1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0b5
1.0b6
1.0b7
1.0b8

2.*

2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.1.0

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.1.7

4.*

4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.1
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc1
4.1rc2
4.1rc3
4.2.0
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.3
4.3.1
4.3.2
4.3.3
4.3a1
4.3a2
4.3b1
4.3b2

5.*

5.0a2
5.0a3
5.0b1