Miggo Logo
Miggo Vulnerability Database
CVE-2024-0669

CVE-2024-0669: Cross-Frame Scripting vulnerability has been found on Plone CMS

7.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-0669
GHSA ID
GHSA-5xfx-55x4-j223
EPSS Score
0.15221%
CWE
CWE-1021
Published
1/18/2024
Updated
1/26/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
Plonepip<= 6.0.56.0.7

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

Cross-Frame Scripting (CWE-1021) typically occurs when security headers like X-Frame-Options or CSP frame-ancestors are missing/misconfigured. The vulnerability description indicates attackers could exploit iframe elements through stored malicious URLs, strongly suggesting insufficient frame embedding restrictions. While exact code changes aren't available, Plone's security middleware handling HTTP responses is the most probable location for this vulnerability, as header configuration is the primary defense against UI redressing attacks. The high confidence comes from the direct alignment between the CWE, vulnerability description, and standard XFS mitigation techniques.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *ross-*r*m* S*riptin* vuln*r**ility **s ***n *oun* on Plon* *MS *****tin* v*rsion **low *.*.*. *n *tt**k*r *oul* stor* * m*li*ious URL to ** op*n** *y *n **ministr*tor *n* *x**ut* * m*li*ios i*r*m* *l*m*nt.

Reasoning

*ross-*r*m* S*riptin* (*W*-****) typi**lly o**urs w**n s**urity *****rs lik* X-*r*m*-Options or *SP *r*m*-*n**stors *r* missin*/mis*on*i*ur**. T** vuln*r**ility **s*ription in*i**t*s *tt**k*rs *oul* *xploit i*r*m* *l*m*nts t*rou** stor** m*li*ious UR