GHSA-22jm-p2vv-j2hc

Source

https://github.com/advisories/GHSA-22jm-p2vv-j2hc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-22jm-p2vv-j2hc/GHSA-22jm-p2vv-j2hc.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-22jm-p2vv-j2hc

Aliases

Published

2022-05-14T02:46:11Z

Modified

2024-10-16T02:57:43.412360Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

Plone XSS

Details

z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-31T18:51:11Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "nvd_published_at": "2017-03-07T16:59:00Z"
}

References

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0

Last affected

5.0.6

Affected versions

5.*

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Last affected

4.3.11

Affected versions

4.*

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc2

4.1rc3

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.2rc2

4.2

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3a1

4.3a2

4.3b1

4.3b2

4.3rc1

4.3

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11