Plone XSS
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Oct 18, 2024
Package
Affected versions
>= 5.0.0, <= 5.0.6
>= 4.0.0, <= 4.3.11
>= 3.3.0, <= 3.3.6
Patched versions
None
Description
Published by the National Vulnerability Database
Mar 7, 2017
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Jul 31, 2023
Last updated
Oct 18, 2024
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References