Description

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Remediation

References

CVE-2011-4030

Related Vulnerabilities

GlassFish CVE-2018-3152 Vulnerability (CVE-2018-3152)

WordPress Plugin Elementor Website Builder Cross-Site Scripting (3.5.5)

WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.1)

WordPress Plugin Spiffy Calendar SQL Injection (4.9.11)

WordPress Plugin WP Statistics Multiple Vulnerabilities (13.1.5)

Severity

Critical

Classification

CVE-2011-4030 CWE-264

Tags

Missing Update Known Vulnerabilities