Description
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
Remediation
References
Related Vulnerabilities
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.15)
Magento Improper Input Validation Vulnerability (CVE-2021-28585)
SharePoint CVE-2018-8161 Vulnerability (CVE-2018-8161)
WordPress Plugin WP Database Backup Cross-Site Scripting (5.1.1)
Internet Information Services Other Vulnerability (CVE-2002-0869)