GHSA-46f9-f8jm-mw2x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-46f9-f8jm-mw2x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-46f9-f8jm-mw2x/GHSA-46f9-f8jm-mw2x.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-46f9-f8jm-mw2x
- Aliases
-
- CVE-2008-4571
- Published
- 2022-05-02T00:11:22Z
- Modified
- 2024-02-09T18:56:57.249230Z
- Summary
- Plone Cross-site Scripting vulnerability in the LiveSearch module
- Details
-
Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.
- Database specific
{ "nvd_published_at": "2008-10-15T20:00:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-02-09T18:37:30Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2008-4571
- https://github.com/plone/Plone
- https://web.archive.org/web/20081012113150/http://secunia.com/advisories/28293
- https://web.archive.org/web/20120705155735/http://www.securityfocus.com/bid/27098
- http://dev.plone.org/plone/ticket/7439
- http://plone.org/products/plone/releases/3.0.4
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone