Описание
Plone Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1949
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67694
- https://github.com/advisories/GHSA-h6hq-c896-w882
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-15.yaml
- http://plone.org/products/plone/security/advisories/CVE-2011-1949
Пакеты
Plone
>= 3.3.2, < 3.3.6
3.3.6
Plone
>= 4.0a0, < 4.0.6
4.0.6
Plone
>= 4.1a0, < 4.1.1
4.1.1
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
Cross-site scripting (XSS) vulnerability in the safe_html filter in Pr ...