Date: Sat, 7 Jan 2017 05:54:01 -0600
From: Nathan Van Gheem <>
Subject: CVE Request: Plone Multiple Vulnerabilities

Dear oss-security List,

Please provide CVEs for the following 6 issues:

1) Filesystem information leak
A vulnerability that allows remote attackers to obtain information on files
on the server
Credit: Sebastian Perez
Impact: By using relative paths and guessing locations on a server Plone is
installed on, an attacker can read data from a target server that the
process running Plone has permission to read. The attacker needs
administrator privileges on the Plone site to perform this attack.

2) Non-Persistent XSS in Plone forms
z3c.form will currently accept data from GET requests when the form is
supposed to be POST. This allows a user to inject a potential XSS attack
into a form. With certain widgets in Plone admin forms, the input is
expected to be safe and can cause a reflected XSS attack. Additionally,
there is potential for an attack that will trick a user into saving a
persistent XSS.
Credit: Sebastian Perez

3) Open Redirection
In multiple places, Plone blindly uses the Referer header to redirect a
user to the next page after a particular action. An attacker could utilize
this to draw a user into a redirection attack.
Credit: Sebastian Perez

4) Non-Persistent XSS
Plone's URL checking infrastructure includes a method for checking if URLs
are valid and located in the Plone site. By passing javascript into this
specially crafted URL, XSS can be achieved.
Credit: Sebastian Perez

5) Non-Persistent XSS on user form
Plone has unescaped user input in a page template that is open to XSS.
Credit: Sebastian Perez

6) Non-Persistent XSS in Zope2
In multiple places, Zope2's ZMI pages do not properly escape user input
Credit: Sebastian Perez

Versions Affected:
4.3.11 and any earlier 4.x version, 5.0.6 and any earlier 5.x version

Code fixes:

Recommended action:
Install the

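As an added example (not Plone's or Zope's code, and not part of the original post), the following Python shows the kind of same-origin check that addresses both the open-redirect class in item 3 and the javascript:-URL class in item 4: a user-supplied destination (the Referer header, or a "next" parameter) is only followed if it resolves to the site's own http(s) origin, so other hosts, protocol-relative and backslash variants, and non-http(s) schemes such as javascript: are all refused. The SITE_ORIGIN value, the function names and the sample inputs are assumptions made for the illustration.

```python
"""Same-origin validation for redirect targets and link URLs.

Hypothetical example code; it does not reproduce Plone's or Zope's
own URL checking, only the check a practitioner would want in its place.
"""
from urllib.parse import urljoin, urlsplit

# Assumed deployment origin of the Plone site (hypothetical value).
SITE_ORIGIN = "https://plone.example"
ALLOWED_SCHEMES = {"http", "https"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(parts):
    """Return (scheme, host, port) with the default port filled in, or None
    when the port is malformed (SplitResult.port raises ValueError then)."""
    scheme = parts.scheme.lower()
    try:
        port = parts.port
    except ValueError:
        return None
    return scheme, (parts.hostname or "").lower(), port or DEFAULT_PORTS.get(scheme)


def is_safe_redirect_target(url, site_origin=SITE_ORIGIN):
    """True only if `url` resolves to the site's own origin over http(s).

    Rejects: other hosts; protocol-relative '//evil.example'; backslash
    variants such as '/\\evil.example' (browsers treat '\\' as '/');
    embedded control characters (browsers strip them, so 'java\\tscript:'
    would become 'javascript:'); userinfo tricks 'site@evil.example';
    and any scheme other than http/https, including javascript: and data:.
    A scheme change (https site -> http target) is also refused.
    """
    if not url:
        return False
    candidate = url.strip()
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in candidate):
        return False
    candidate = candidate.replace("\\", "/")
    # Resolve relative paths against the site; absolute URLs pass through.
    target = _origin(urlsplit(urljoin(site_origin, candidate)))
    site = _origin(urlsplit(site_origin))
    if target is None or site is None:
        return False
    if target[0] not in ALLOWED_SCHEMES:
        return False
    return target == site


def next_url_after_action(referer, fallback="/"):
    """Choose the post-action destination.

    The vulnerable pattern the advisory describes is redirecting to the
    Referer header unchecked; here it is followed only when it stays
    on-site, otherwise a known-safe fallback location is used.
    """
    if referer and is_safe_redirect_target(referer):
        return referer
    return fallback


if __name__ == "__main__":
    # Constructed sample inputs for the demonstration, not from the advisory.
    samples = [
        "/folder/@@edit",
        "https://plone.example:443/login_form",
        "//evil.example/phish",
        "/\\evil.example/phish",
        "https://plone.example@evil.example/",
        "javascript:alert(document.cookie)",
        "java\tscript:alert(1)",
    ]
    for s in samples:
        verdict = "ok" if is_safe_redirect_target(s) else "rejected"
        print(f"{s!r:45} -> {verdict}")
    print(next_url_after_action("https://evil.example/", fallback="/"))
```

Comparing the full (scheme, host, port) tuple rather than the raw netloc string is what makes `https://plone.example:443/...` acceptable while `https://plone.example:8080/` and `https://plone.example.evil.example/` are not; the backslash and control-character handling matters because browsers canonicalise those before navigating, so a check on the raw string would disagree with what the browser actually loads.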