typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-03-11T15:00:00
Updated: 2024-08-06T16:38:01.517Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4193
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-03-11T19:37:02.803
Modified: 2014-03-12T01:24:57.990
Link: CVE-2013-4193
Redhat
No data.