Description
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Widget Cache Cross-Site Scripting (0.26)
MySQL CVE-2016-0594 Vulnerability (CVE-2016-0594)
WordPress Plugin Location Weather Cross-Site Scripting (1.3.3)
e107 Credentials Management Errors Vulnerability (CVE-2013-7305)
WordPress Plugin WP-Live Chat by 3CX Information Disclosure (8.0.28)