This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Plone.org reports :
Versions Affected: All current Plone versions.
Versions Not Affected: None.
Nature of vulnerability: Allows creation of members by anonymous users
on sites that have self-registration enabled, allowing bypass of
CAPTCHA and similar protections against scripted attacks.
The patch can be added to buildouts as Products.PloneHotfix20150910
(available from PyPI) or downloaded from Plone.org.
Immediate Measures You Should Take: Disable self-registration until
you have applied the patch.
Plone's URL checking infrastructure includes a method for checking if
URLs are valid and located in the Plone site. By passing HTML into this
specially crafted URL, XSS can be achieved.
See also :
Update the affected package.
Risk factor :