The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://plone.org/products/plone-hotfix/releases/20130618 - Patch | |
References | () http://plone.org/products/plone/security/advisories/20130618-announcement - Vendor Advisory | |
References | () http://seclists.org/oss-sec/2013/q3/261 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=978470 - |
Information
Published : 2014-03-11 19:37
Updated : 2024-11-21 01:55
NVD link : CVE-2013-4194
Mitre link : CVE-2013-4194
CVE.ORG link : CVE-2013-4194
JSON object : View
Products Affected
plone
- plone
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor