CVE-2016-7140: Plone vulnerable to Cross-site Scripting

May 14, 2022 (updated October 18, 2024)

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

github.com/advisories/GHSA-chvw-gjxf-f8mc
github.com/plone/Plone
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-63.yaml
nvd.nist.gov/vuln/detail/CVE-2016-7140
plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2

Detect and mitigate CVE-2016-7140 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →