GHSA-859j-668v-mrr6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-859j-668v-mrr6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-859j-668v-mrr6/GHSA-859j-668v-mrr6.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-859j-668v-mrr6
- Aliases
- Published
- 2022-05-14T03:49:57Z
- Modified
- 2024-10-18T15:49:27.251525Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Products.CMFPlone XSS in profile home_page property
- Details
-
A member of the Plone site could set javascript in the
home_pageproperty of their profile, and have this executed when a visitor clicks the home page link on the author page. - Database specific
{ "nvd_published_at": "2018-01-03T18:29:00Z", "github_reviewed_at": "2023-07-26T22:20:41Z", "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000482
- https://github.com/plone/Products.CMFPlone/issues/2232
- https://github.com/plone/Products.CMFPlone/pull/2233
- https://github.com/plone/Products.CMFPlone/pull/2234
- https://github.com/plone/Products.CMFPlone/pull/2235
- https://github.com/plone/Products.CMFPlone/pull/2236
- https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
- https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
- https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
- https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
- https://github.com/plone/Products.CMFPlone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml
- https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property
Affected packages
PyPI / products-cmfplone
Package
- Name
- products-cmfplone
- View open source insights on deps.dev
- Purl
- pkg:pypi/products-cmfplone
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.17
Affected versions
4.*
4.0b1
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.0.1
4.2.1
4.2.1.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3a1
4.3a2
4.3b1
4.3b2
4.3rc1
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.4.1
4.3.5
4.3.6
4.3.7
4.3.8rc1
4.3.8
4.3.9
4.3.10rc1
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
PyPI / products-cmfplone
Package
- Name
- products-cmfplone
- View open source insights on deps.dev
- Purl
- pkg:pypi/products-cmfplone
PyPI / products-cmfplone
Package
- Name
- products-cmfplone
- View open source insights on deps.dev
- Purl
- pkg:pypi/products-cmfplone
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3a1
4.3a2
4.3b1
4.3b2
4.3rc1
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone