Description

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

Remediation

References

CVE-2012-5488

Related Vulnerabilities

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8089)

WordPress Plugin Multi Rating Multiple Unspecified Vulnerabilities (3.2.1)

MySQL CVE-2019-2795 Vulnerability (CVE-2019-2795)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3530)

WordPress Plugin MailPoet Newsletters (Previous) 'swfupload.swf' Cross-Site Scripting (2.1.6)

Severity

Medium

Classification

CVE-2012-5488 CWE-94

Tags

Missing Update Known Vulnerabilities