Loading
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
Use CWE-79, Plone vendor hub and Plone product page to widen CVE-2016-7136 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2021-33509, CVE-2021-33926 and CVE-2024-22889 for nearby disclosures in the same product family.