Cross-site Request Forgery (CSRF) Affecting plone package, versions [,4.3.7)[5.0a1,5.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.35% (72nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Cross-site Request Forgery (CSRF) vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PYTHON-PLONE-40343
  • published7 Nov 2017
  • disclosed27 Feb 2016
  • creditUnknown

Introduced: 27 Feb 2016

CVE-2015-7293  (opens in a new tab)
CWE-352  (opens in a new tab)

Overview

plone is a Content Management System.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.

References

CVSS Scores

version 3.1