CVE-2016-7138

CVE Database · CVE-2016-7138

CVE-2016-7138

· N/AModified

CVSS v3.1

N/A

EPSS

1.60%

Published

Mar 7, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Weaknesses (CWE)

CWE-79

Affected Products (56)

plone · plonevulnerable

plone · plone

References (14)

http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2016/Oct/80

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2016/09/05/4

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/09/05/5

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/archive/1/539572/100/0/threaded

KEV Catalog EPSS Scores Vendors All CVEs

plone · plonevulnerable

http://www.openwall.com/lists/oss-security/2016/09/05/4

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/09/05/5

Mailing ListPatchThird Party Advisory