Description

z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.

Remediation

References

CVE-2012-5491

Related Vulnerabilities

WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool Unspecified Vulnerability (1.12.22)

WordPress Plugin MalCare Security-Free Malware Scanner, Protection & Security for WordPress Cross-Site Scripting (4.57)

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-39114)

MySQL CVE-2020-2790 Vulnerability (CVE-2020-2790)

Oracle Database Server CVE-2012-0527 Vulnerability (CVE-2012-0527)

Severity

Medium

Classification

CVE-2012-5491 CWE-200

Tags

Missing Update Known Vulnerabilities