Description

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.

Remediation

References

CVE-2013-7061

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-14631)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5835)

Oracle JRE CVE-2013-5778 Vulnerability (CVE-2013-5778)

MySQL CVE-2018-2777 Vulnerability (CVE-2018-2777)

WordPress Plugin jcwp youtube channel embed Cross-Site Scripting (1.5.2)

Severity

Medium

Classification

CVE-2013-7061 CWE-264

Tags

Missing Update Known Vulnerabilities