CVE-2024-0669

HIGH7.1EPSS 0.05%

Cross-Frame Scripting vulnerability has been found on Plone CMS

Published: 1/18/2024Modified: 2/16/2024

Description

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.

Affected packages (1)

PyPI/plonefrom 0, < 6.0.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-0669
PATCHhttps://github.com/plone/Plone
WEBhttps://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms