CVE-2022-23599: n/a in n/a
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross-site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page into a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and mitigation measures is available in the GitHub Security Advisory.
AI Analysis
Technical Summary
CVE-2022-23599 is a medium-severity vulnerability affecting Products.ATContentTypes, the core content types used in Plone versions 2.1 through 4.3. Plone is an open-source content management system widely used for building websites and intranets. The vulnerability is a reflected cross-site scripting (XSS) and open redirect issue in the image_view_fullscreen page. If an attacker can poison a cache, such as a Varnish caching proxy, with a compromised version of this page, subsequent visitors who receive the cached copy may be redirected to malicious sites when clicking on links within it. This attack vector is known as cache poisoning. The vulnerability primarily affects anonymous users, although the impact varies with individual cache settings. The root cause is improper sanitization of input parameters, leading to reflected XSS (CWE-79) and open redirect flaws. The issue was addressed in version 3.0.6 of Products.ATContentTypes, which works on Plone 5.2 running on Python 2 only. As an interim mitigation, administrators are advised to configure caching layers so that the image_view_fullscreen page is never cached, which prevents poisoned content from being served to other users. No known exploits have been reported in the wild to date. The CVSS v3.1 base score is 4.3 (medium), reflecting that the attack can be performed remotely without privileges but requires user interaction and results in limited confidentiality impact without affecting integrity or availability.
Potential Impact
For European organizations utilizing Plone CMS versions dependent on vulnerable Products.ATContentTypes (prior to 3.0.6), this vulnerability poses a risk of client-side attacks via reflected XSS and open redirects. Attackers could exploit cache poisoning to serve malicious content to website visitors, potentially leading to phishing, session hijacking, or redirection to malicious sites. While the direct impact on the server or backend systems is minimal, the reputational damage and loss of user trust can be significant, especially for public-facing websites of government agencies, educational institutions, and enterprises. Since anonymous users are primarily affected, organizations with high volumes of public traffic are at greater risk. The vulnerability does not compromise data integrity or availability but can lead to leakage of sensitive information through client-side attacks. The reliance on caching proxies like Varnish in European deployments increases the attack surface if cache configurations are not properly hardened. Given the medium severity and the availability of a patch, the impact is manageable but requires timely remediation to prevent exploitation.
Mitigation Recommendations
1. Upgrade Products.ATContentTypes to version 3.0.6 or later, which contains the fix for this vulnerability. Ensure that the Plone instance is compatible with this version, particularly if running Plone 5.2 on Python 2.
2. Configure caching layers such as Varnish or other reverse proxies to exclude the image_view_fullscreen page from being cached. This prevents cache poisoning attacks by ensuring that maliciously crafted pages are not stored and served to other users.
3. Implement strict Content Security Policy (CSP) headers to limit the impact of reflected XSS by restricting the sources of executable scripts and preventing inline script execution.
4. Conduct regular security audits and penetration testing focusing on cache configurations and input sanitization in Plone-based websites.
5. Educate administrators and developers about secure coding practices related to input validation and output encoding to prevent reflected XSS and open redirect vulnerabilities in future customizations.
6. Monitor web traffic and logs for unusual redirect patterns or cache anomalies that could indicate attempted exploitation.
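The second recommendation above, implemented for Varnish, as an added example that is not part of the advisory or of the Plone project: a VCL 4.0 fragment that bypasses the cache for any request to image_view_fullscreen and, as a second line of defence, marks the backend response uncacheable. The URL regex and the 120s hit-for-pass TTL are assumptions to be adjusted to the deployment; the rest of the site's VCL is unchanged.

```vcl
vcl 4.0;

sub vcl_recv {
    # Never look the image_view_fullscreen page up in the cache: a poisoned
    # copy can only hurt later visitors if it is stored, so pass the request
    # straight to the backend. The pattern matches the view at the end of
    # any Plone path, with or without a query string (assumed layout).
    if (req.url ~ "(^|/)image_view_fullscreen(\?|$)") {
        return (pass);
    }
}

sub vcl_backend_response {
    # Defence in depth: even if a request reached the backend through another
    # route, refuse to store the response. 120s is an assumed hit-for-pass TTL.
    if (bereq.url ~ "(^|/)image_view_fullscreen(\?|$)") {
        set beresp.uncacheable = true;
        set beresp.ttl = 120s;
        return (deliver);
    }
}
```

After loading the configuration, verify it by requesting the page twice and checking that the second response is not a cache hit (for example via a debugging header such as X-Cache that your VCL already sets, or with varnishlog); a hit means another rule in the existing VCL is overriding this one.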
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-01-19T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d981ec4522896dcbdc065
Added to database: 5/21/2025, 9:08:46 AM
Last enriched: 7/6/2025, 11:41:02 PM
Last updated: 7/30/2025, 2:53:10 AM