CVE-2016-7139

CVE Database · CVE-2016-7139

CVE-2016-7139

· N/AModified

CVSS v3.1

N/A

EPSS

1.59%

Published

Mar 7, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Weaknesses (CWE)

CWE-79

Affected Products (56)

plone · plonevulnerable

plone · plone

References (14)

http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2016/Oct/80

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2016/09/05/4

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/09/05/5

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/archive/1/539572/100/0/threaded

KEV Catalog EPSS Scores Vendors All CVEs

plone · plonevulnerable

http://www.openwall.com/lists/oss-security/2016/09/05/4

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/09/05/5

Mailing ListPatchThird Party Advisory