Description

mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.

Remediation

References

CVE-2013-4198

Related Vulnerabilities

WordPress Plugin Image Rotator Cross-Site Scripting (1.0)

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5689)

Drupal Core 9.1.x Arbitrary File Overwrite (9.1.0 - 9.1.2)

Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22942)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37064)

Severity

Medium

Classification

CVE-2013-4198 CWE-264

Tags

Missing Update Known Vulnerabilities