Moderate severityNVD Advisory· Published Mar 11, 2014· Updated May 6, 2026

CVE-2013-4194

Description

The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
PlonePyPI	>= 2.1, < 4.1.1	4.1.1
PlonePyPI	>= 4.2, < 4.2.6	4.2.6
PlonePyPI	>= 4.3, < 4.3.2	4.3.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plone.org/products/plone-hotfix/releases/20130618nvdPatchWEB
plone.org/products/plone/security/advisories/20130618-announcementnvdVendor AdvisoryWEB
github.com/advisories/GHSA-mm32-jw73-9227ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2013-4194ghsaADVISORY
seclists.org/oss-sec/2013/q3/261nvdWEB
bugzilla.redhat.com/show_bug.cginvdWEB
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yamlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000