Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-17w2-gd3m-2qff
Vulnerability ID VCID-17w2-gd3m-2qff
Aliases CVE-2016-7136
GHSA-22jm-p2vv-j2hc
PYSEC-2017-59
Summary z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
http://seclists.org/fulldisclosure/2016/Oct/80
https://github.com/plone/Plone
https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-59.yaml
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms
https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
http://www.openwall.com/lists/oss-security/2016/09/05/4
http://www.openwall.com/lists/oss-security/2016/09/05/5
http://www.securityfocus.com/archive/1/539572/100/0/threaded
http://www.securityfocus.com/bid/92752
CVE-2016-7136 https://nvd.nist.gov/vuln/detail/CVE-2016-7136
GHSA-22jm-p2vv-j2hc https://github.com/advisories/GHSA-22jm-p2vv-j2hc
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:04:33.385286+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-59.yaml 38.6.0