FreeBSD : plone -- multiple vulnerabilities (6b3374d4-6b0b-11e5-9909-002590263bf5)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description : reports :

Versions Affected: All current Plone versions.

Versions Not Affected: None.

Nature of vulnerability: Allows creation of members by anonymous users
on sites that have self-registration enabled, allowing bypass of
CAPTCHA and similar protections against scripted attacks.

The patch can be added to buildouts as Products.PloneHotfix20150910
(available from PyPI) or downloaded from

Immediate Measures You Should Take: Disable self-registration until
you have applied the patch.

Plone's URL checking infrastructure includes a method for checking if
URLs are valid and located in the Plone site. By passing HTML into this
specially crafted URL, XSS can be achieved.

See also :

Solution :

Update the affected package.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86266

Bugtraq ID:

