CVE Vulnerabilities

CVE-2013-4193

Published: Mar 11, 2014 | Modified: Mar 12, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.

Affected Software

Name Vendor Start Version End Version
Plone Plone 2.1 2.1
Plone Plone 2.1.1 2.1.1
Plone Plone 2.1.2 2.1.2
Plone Plone 2.1.3 2.1.3
Plone Plone 2.1.4 2.1.4
Plone Plone 2.5 2.5
Plone Plone 2.5.1 2.5.1
Plone Plone 2.5.2 2.5.2
Plone Plone 2.5.3 2.5.3
Plone Plone 2.5.4 2.5.4
Plone Plone 2.5.5 2.5.5
Plone Plone 3.0 3.0
Plone Plone 3.0.1 3.0.1
Plone Plone 3.0.2 3.0.2
Plone Plone 3.0.3 3.0.3
Plone Plone 3.0.4 3.0.4
Plone Plone 3.0.5 3.0.5
Plone Plone 3.0.6 3.0.6
Plone Plone 3.1 3.1
Plone Plone 3.1.1 3.1.1
Plone Plone 3.1.2 3.1.2
Plone Plone 3.1.3 3.1.3
Plone Plone 3.1.4 3.1.4
Plone Plone 3.1.5.1 3.1.5.1
Plone Plone 3.1.6 3.1.6
Plone Plone 3.1.7 3.1.7
Plone Plone 3.2 3.2
Plone Plone 3.2.1 3.2.1
Plone Plone 3.2.2 3.2.2
Plone Plone 3.2.3 3.2.3
Plone Plone 3.3 3.3
Plone Plone 3.3.1 3.3.1
Plone Plone 3.3.2 3.3.2
Plone Plone 3.3.3 3.3.3
Plone Plone 3.3.4 3.3.4
Plone Plone 3.3.5 3.3.5
Plone Plone 4.0 4.0
Plone Plone 4.0.1 4.0.1
Plone Plone 4.0.2 4.0.2
Plone Plone 4.0.3 4.0.3
Plone Plone 4.0.4 4.0.4
Plone Plone 4.0.5 4.0.5
Plone Plone 4.0.6.1 4.0.6.1
Plone Plone 4.1 4.1

References