Описание
Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1948
- https://access.redhat.com/errata/RHSA-2012:0151
- https://access.redhat.com/security/cve/CVE-2011-1948
- https://bugzilla.redhat.com/show_bug.cgi?id=711494
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67693
- https://github.com/advisories/GHSA-p7h9-vf92-5fj5
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-14.yaml
- http://plone.org/products/plone/security/advisories/CVE-2011-1948
Пакеты
Products.PasswordResetTool
< 2.0.6
2.0.6
Products.CMFPlone
< 4.0.7
4.0.7
Products.CMFPlone
>= 4.1a1, <= 4.1rc2
4.1rc3
Plone
< 4.1.1
4.1.1
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allo ...
ELSA-2012-0151: conga security, bug fix, and enhancement update (MODERATE)