
CVE-2016-7138: Plone XSS

CVSS Score: 6.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.64626%
Published: 5/14/2022
Updated: 10/18/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name  Ecosystem  Vulnerable Versions   First Patched Version
plone         pip        >= 5.0.0, <= 5.0.6
plone         pip        >= 4.0.0, <= 4.3.11
plone         pip        >= 3.3.0, <= 3.3.6

Vulnerability Intelligence

Root Cause Analysis

The vulnerability description explicitly implicates the URL checking infrastructure. The function isURLInSite in Plone's URLTool is responsible for validating URLs within the site. The advisory notes that crafted URLs with JavaScript payloads bypass sanitization, suggesting this function returns raw user input without escaping. The hotfix likely added proper sanitization here. References to 'URL checking infrastructure' and the XSS mechanism align with this function's role in processing URLs for validation.


WAF Protection Rules

WAF Rule

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
