CVE-2024-0669

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.
Configurations

Configuration 1 (hide)

cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*

History

26 Jan 2024, 18:52

Type Values Removed Values Added
References () https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms - () https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1
CPE cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*

18 Jan 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-18 13:15

Updated : 2024-02-05 00:22


NVD link : CVE-2024-0669

Mitre link : CVE-2024-0669

CVE.ORG link : CVE-2024-0669


JSON object : View

Products Affected

plone

  • plone
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames