Cross-Frame Scripting (XFS) on Plone CMS

Posted date 18/01/2024
3 - Medium
Affected Resources

Plone CMS 6.0.5


INCIBE has coordinated the publication of a vulnerability that affects Plone CMS 6.0.5, a content management system, which has been discovered by Miguel Segovia Gil.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-0669: 6.3 | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | CWE-1021.

The manufacturer has fixed the vulnerability in version 6.0.7.


CVE-2024-0669: A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.
