Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 Jan 2017 05:54:01 -0600
From: Nathan Van Gheem <>
Subject: CVE Request: Plone Multiple Vulnerabilities

Dear oss-security List,

Please provide CVEs for the following 6 issues:

1) Filesystem information leak
A vulnerability that allows remote attackers to obtain information on files
on the server
Credit: Sebastian Perez
Impact: By using relative paths and guessing locations on a server Plone is
installed on, an attacker can read data from a target server that the
process running plone has permission to read. The attacker needs
administrator privileges on the Plone site to perform this attack.

2) Non-Persistent XSS in Plone forms
z3c.form will currently accept data from GET requests when the form is
supposed to be POST. This allows a user to inject a potential XSS attack
into a form. With certain widgets in Plone admin forms, the input is
expected to be safe and can cause a reflexive XSS attack. Additionally,
there is potential for an attack that will trick a user into saving a
persistent XSS.
Credit: Sebastian Perez

3) Open Redirection
In multiple places, Plone blindly uses the referer header to redirect a
user to the next page after a particular action. An attacker could utilize
this to draw a user into a redirection attack.
Credit: Sebastian Perez

4) Non-Persistent XSS
Plone's URL checking infrastructure includes a method for checking if URLs
valid and located in the Plone site. By passing javascript into this
specially crafted url, XSS can be achieved.
Credit: Sebastian Perez

5) Non-Persistent XSS on user form
Plone has unescaped user input in a page template that is open to XSS
Credit: Sebastian Perez

6) Non-Persistent XSS in Zope2
In multiple places, Zope2's ZMI pages do not properly escape user input
Credit: Sebastian Perez

Versions Affected:
4.3.11 and any earlier 4.x version, 5.0.6 and any earlier 5.x version

Code fixes:

Recommended action:
Install the

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.