Description

The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.

Remediation

References

CVE-2013-4194

Related Vulnerabilities

WordPress Plugin Livemesh Addons for Elementor Security Bypass (2.5.2)

MySQL CVE-2023-21980 Vulnerability (CVE-2023-21980)

phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1627)

MediaWiki CVE-2022-28204 Vulnerability (CVE-2022-28204)

Oracle JRE CVE-2013-2432 Vulnerability (CVE-2013-2432)

Severity

Medium

Classification

CVE-2013-4194 CWE-200

Tags

Missing Update Known Vulnerabilities