Description

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.

Remediation

References

CVE-2012-5505

Related Vulnerabilities

WordPress Plugin BackWPup Cross-Site Scripting (3.2.5)

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38263)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7744)

WordPress Plugin YouTube Cross-Site Request Forgery (11.8.1)

Severity

Medium

Classification

CVE-2012-5505 CWE-200

Tags

Missing Update Known Vulnerabilities