What is the severity of CVE-2024-0669?

CVE-2024-0669 is classified as a moderate severity Cross-Frame Scripting vulnerability affecting Plone CMS versions below 6.0.5.

How do I fix CVE-2024-0669?

To resolve CVE-2024-0669, upgrade Plone CMS to version 6.0.7 or later.

Who is affected by CVE-2024-0669?

CVE-2024-0669 affects installations of Plone CMS running versions earlier than 6.0.5.

What type of vulnerability is CVE-2024-0669?

CVE-2024-0669 is a Cross-Frame Scripting vulnerability that allows the execution of malicious iframe elements.

What could an attacker do with CVE-2024-0669?

An attacker could leverage CVE-2024-0669 to store a malicious URL that might be opened by an administrator, resulting in potential exploitation.

Vulnerability/
CVE-2024-0669

high

7.1

CWE

1021

EPSS

0.046%

18/1/2024

1/8/2024

CVE-2024-0669: Cross-Frame Scripting (XFS) on Plone CMS

First published: Thu Jan 18 2024(Updated: )

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.

Credit: cve-coordination@incibe.es cve-coordination@incibe.es

Affected Software	Affected Version	How to fix
pip/Plone	<=6.0.5	6.0.7
Plone CMS	<6.0.7

Remedy

The manufacturer has fixed the vulnerability in version 6.0.7.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-0669?
CVE-2024-0669 is classified as a moderate severity Cross-Frame Scripting vulnerability affecting Plone CMS versions below 6.0.5.
How do I fix CVE-2024-0669?
To resolve CVE-2024-0669, upgrade Plone CMS to version 6.0.7 or later.
Who is affected by CVE-2024-0669?
CVE-2024-0669 affects installations of Plone CMS running versions earlier than 6.0.5.
What type of vulnerability is CVE-2024-0669?
CVE-2024-0669 is a Cross-Frame Scripting vulnerability that allows the execution of malicious iframe elements.
What could an attacker do with CVE-2024-0669?
An attacker could leverage CVE-2024-0669 to store a malicious URL that might be opened by an administrator, resulting in potential exploitation.

agent/remedy
agent/weakness
agent/title
agent/type
agent/first-publish-date
agent/references
agent/description
agent/author
agent/softwarecombine
collector/github-advisory-latest
source/GitHub
alias/GHSA-5xfx-55x4-j223
alias/CVE-2024-0669
agent/software-canonical-lookup
agent/severity
agent/event
collector/github-advisory
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/pip
vendor/plone
canonical/plone cms

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.