Description

mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.

Remediation

References

CVE-2013-4198

Related Vulnerabilities

WordPress Plugin BannerMan Cross-Site Scripting (0.2.4)

Oracle Database Server CVE-2009-1985 Vulnerability (CVE-2009-1985)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Multiple Cross-Site Scripting Vulnerabilities (1.1.30)

WordPress Plugin bbPress SQL Injection (2.5.14)

WordPress Plugin Author Chat Unspecified Vulnerability (1.9.0)

Severity

Medium

Classification

CVE-2013-4198 CWE-264

Tags

Missing Update Known Vulnerabilities