Description
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
Remediation
References