Cross-Frame Scripting (XFS) on Plone CMS

Posted date 18/01/2024
Identifier
INCIBE-2024-0026
Importance
3 - Medium
Affected Resources

Plone CMS 6.0.5

Description

INCIBE has coordinated the publication of a vulnerability that affects Plone CMS 6.0.5, a content management system. The vulnerability was discovered by Miguel Segovia Gil.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-0669: 6.3 | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | CWE-1021.

Solution

The manufacturer has fixed the vulnerability in version 6.0.7.

Detail

CVE-2024-0669: A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.
