CVE-2016-7140

CVE Database · CVE-2016-7140

CVE-2016-7140

· N/AModified

CVSS v3.1

N/A

EPSS

1.59%

Published

Mar 7, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Weaknesses (CWE)

CWE-79

Affected Products (56)

plone · plonevulnerable

plone · plone

References (14)

http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2016/Oct/80

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2016/09/05/4

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/09/05/5

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/archive/1/539572/100/0/threaded

KEV Catalog EPSS Scores Vendors All CVEs

plone · plonevulnerable

http://www.openwall.com/lists/oss-security/2016/09/05/4

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/09/05/5

Mailing ListPatchThird Party Advisory