Oval Definition:oval:com.ubuntu.xenial:def:20167147000
Revision Date:2017-02-04Version:1
Title:CVE-2016-7147 on Ubuntu 16.04 LTS (xenial) - medium.
Description:Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2016-7147
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND The 'zope2.13' package in xenial is affected and needs fixing.
    • BACK