CVE-2024-0669

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-0669

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0669.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-0669

Aliases

GHSA-5xfx-55x4-j223

Published

2024-01-18T13:15:09.177Z

Modified

2025-11-20T12:22:51.647506Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms

Affected packages

Git / github.com/plone/plone

Affected ranges

Type: GIT
Repo: https://github.com/plone/plone
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

42da20eb0d8d87204bc14938b85afe581c6bcf19

Affected versions

4.*

4.1.0

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc1

4.1rc2

4.1rc3

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.3

4.3.1

4.3a1

4.3a2

4.3b1

4.3b2

5.*

5.0

5.0.1

5.0.2

5.0a2

5.0a3

5.0b1

5.0b3

5.0b4

5.0rc1

5.0rc2

5.0rc3

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.2.0

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

6.*

6.0.0

6.0.0a1

6.0.0a1.dev0

6.0.0a2

6.0.0a3

6.0.0a4

6.0.0a5

6.0.0b1

6.0.0b2

6.0.0b3

6.0.0rc1

6.0.0rc2

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0669.json"