typeswidget.py in Plone 2.1 up to and including 4.1, 4.2.x up to and including 4.2.5, and 4.3.x up to and including 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote malicious users to hide fields on the forms via a crafted URL.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
plone plone 4.0.1 |
||
plone plone 3.0 |
||
plone plone 3.0.2 |
||
plone plone 3.1.2 |
||
plone plone 3.1.4 |
||
plone plone 3.2.1 |
||
plone plone 3.2.3 |
||
plone plone 2.5 |
||
plone plone 2.5.2 |
||
plone plone 2.1.3 |
||
plone plone 4.0.3 |
||
plone plone 4.0.4 |
||
plone plone 4.0.5 |
||
plone plone 4.0.6.1 |
||
plone plone 3.1.5.1 |
||
plone plone 3.1.6 |
||
plone plone 3.1.7 |
||
plone plone 3.2 |
||
plone plone 2.5.3 |
||
plone plone 2.5.4 |
||
plone plone 2.5.5 |
||
plone plone 2.1 |
||
plone plone 2.1.1 |
||
plone plone 3.0.3 |
||
plone plone 3.0.4 |
||
plone plone 3.0.5 |
||
plone plone 3.0.6 |
||
plone plone 3.1 |
||
plone plone 3.3.1 |
||
plone plone 3.3.2 |
||
plone plone 3.3.3 |
||
plone plone 3.3.4 |
||
plone plone 4.0 |
||
plone plone 4.0.2 |
||
plone plone 4.1 |
||
plone plone 3.0.1 |
||
plone plone 3.1.1 |
||
plone plone 3.1.3 |
||
plone plone 3.2.2 |
||
plone plone 3.3 |
||
plone plone 3.3.5 |
||
plone plone 2.5.1 |
||
plone plone 2.1.2 |
||
plone plone 2.1.4 |
||
plone plone 4.2.4 |
||
plone plone 4.2 |
||
plone plone 4.2.1 |
||
plone plone 4.2.2 |
||
plone plone 4.2.3 |
||
plone plone 4.2.5 |
||
plone plone 4.3.1 |
||
plone plone 4.3 |
Vulmon