Cross-Frame Scripting (XFS) on Plone CMS
Posted date 18/01/2024
Identifier
INCIBE-2024-0026
Importance
3 - Medium
Affected Resources
Plone CMS 6.0.5
Description
INCIBE has coordinated the publication of a vulnerability affecting Plone CMS 6.0.5, a content management system. The vulnerability was discovered by Miguel Segovia Gil.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:
- CVE-2024-0669: 6.3 | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | CWE-1021.
Solution
The manufacturer has fixed the vulnerability in version 6.0.7.
Detail
CVE-2024-0669: A Cross-Frame Scripting vulnerability has been found in Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.