{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-02T18:18:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://plone.org/security/20131210/zope-xss-in-OFS"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/oss-sec/2013/q4/467"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/oss-sec/2013/q4/485"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7062", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://plone.org/security/20131210/zope-xss-in-OFS", "refsource": "CONFIRM", "url": "https://plone.org/security/20131210/zope-xss-in-OFS"}, {"name": "https://plone.org/security/20131210/zope-xss-in-browseridmanager", "refsource": "CONFIRM", "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager"}, {"name": "http://seclists.org/oss-sec/2013/q4/467", "refsource": "MISC", "url": "http://seclists.org/oss-sec/2013/q4/467"}, {"name": "http://seclists.org/oss-sec/2013/q4/485", "refsource": "MISC", "url": "http://seclists.org/oss-sec/2013/q4/485"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:53:45.857Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://plone.org/security/20131210/zope-xss-in-OFS"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/467"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/485"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7062", "datePublished": "2020-01-02T18:18:18", "dateReserved": "2013-12-11T00:00:00", "dateUpdated": "2024-08-06T17:53:45.857Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "837BA92A-14B9-4506-BD37-2135807EEF6A", "versionEndIncluding": "3.3.6", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "911091B6-4A99-436F-A621-EC157CC83DB9", "versionEndIncluding": "4.0.9", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "534D6FEA-FDB9-49D7-881B-1BC3D6EC531E", "versionEndIncluding": "4.1.6", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "3225F460-1390-482D-8FB0-0291F270E58E", "versionEndIncluding": "4.2.7", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "C920765F-25D5-42BD-804A-DCA32F3FBD47", "versionEndIncluding": "4.3.2", "versionStartIncluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en Zope, como es usado en Plone versiones 3.3.x hasta la versi\u00f3n 3.3.6, versiones 4.0.x hasta 4.0.9, versiones 4.1.x hasta la versi\u00f3n 4.1.6, versiones 4.2.x hasta 4.2.7 y versiones 4.3 hasta 4.3.2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una entrada no especificada en el m\u00e9todo (1) browser_id_manager o (2) OFS.Image."}], "id": "CVE-2013-7062", "lastModified": "2024-11-21T02:00:15.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-02T19:15:12.370", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/oss-sec/2013/q4/467"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/oss-sec/2013/q4/485"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://plone.org/security/20131210/zope-xss-in-OFS"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/oss-sec/2013/q4/467"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/oss-sec/2013/q4/485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://plone.org/security/20131210/zope-xss-in-OFS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "zope: reflexive XSS in Image.py", "id": "1040392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040392"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method."], "name": "CVE-2013-7062", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "conga", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-12-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-7062\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7062"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}