CVE

Id
51942  
CVE No.
CVE-2011-4030  
Status
Candidate  
Description
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.  
Phase
Assigned (20111009)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
556851 51942 CVE-2011-4030 CONFIRM:http://plone.org/products/plone-hotfix/releases/20110928  View
556852 51942 CVE-2011-4030 CONFIRM:http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip  View
556853 51942 CVE-2011-4030 CONFIRM:http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0  View
556854 51942 CVE-2011-4030 BID:50287  View
556855 51942 CVE-2011-4030 URL:http://www.securityfocus.com/bid/50287  View
556856 51942 CVE-2011-4030 SECUNIA:46323  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
32944 JVNDB-2011-003184 Schneider Electric の複数の製品におけるクロスサイトスクリプティングの脆弱性 Schneider Electric Vijeo Historian、Schneider Electric CitectHistorian、および Schneider Electric CitectSCADA Reports には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2011-4035 51942 4.3 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003184.html  View