Описание
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | conga | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1532485plone: XSS in member's home_page property
4.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.4
nvd
около 8 лет назад
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
CVSS3: 5.4
github
больше 3 лет назад
Products.CMFPlone XSS in profile home_page property
4.3 Medium
CVSS3