CVE-2013-4193
Plone Unrestricted Filed Manipulation vulnerability via content edit forms
5.9
MEDIUM
CVSS 3.1
EPSS 0.31%
Description
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.
How to fix CVE-2013-4193
To remediate CVE-2013-4193, upgrade the affected package to a fixed version below.
- —upgrade to 4.1.1 or later
- —upgrade to 4.1.1 or later
Is CVE-2013-4193 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 2.1, < 4.1.1
- >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |