Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone
Moderate severity
GitHub Reviewed
Published
Jun 18, 2021
to the GitHub Advisory Database
•
Updated Oct 18, 2024
Description
Published by the National Vulnerability Database
May 21, 2021
Reviewed
May 27, 2021
Published to the GitHub Advisory Database
Jun 18, 2021
Last updated
Oct 18, 2024
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
References