Red Hat Bugzilla – Bug 978469
CVE-2013-4193 plone: Anonymous users capable to hide certain fields from content edit forms (typeswidget.py)
Last modified: 2015-08-22 11:59:53 EDT
A security flaw was found in the way Plone, a user-friendly and powerful content management system, enforced the immutable setting on certain content edit forms. A remote attacker could use this flaw to provide a specially-crafted URL that would (in a non-persistent way) hide certain fields from these content edit forms, possibly leading to a scenario in which such altered forms are erroneously accepted by an authenticated Plone user as valid.
The CVE identifier of CVE-2013-4193 has been assigned to this issue:
Created plone tracking bugs for this issue:
Affects: epel-5 [bug 991015]