GHSA-pp4c-2692-7f37
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pp4c-2692-7f37
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pp4c-2692-7f37/GHSA-pp4c-2692-7f37.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-pp4c-2692-7f37
- Aliases
- Published
- 2022-05-14T02:45:59Z
- Modified
- 2024-10-16T02:59:14.410690Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Plone Cross-site Scripting (XSS) vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- Database specific
{ "nvd_published_at": "2017-03-07T16:59:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-29T11:20:02Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-7139
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-62.yaml
- https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone
- https://web.archive.org/web/20201207134910/http://www.securityfocus.com/bid/92752
- https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded
- http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
- http://seclists.org/fulldisclosure/2016/Oct/80
- http://www.openwall.com/lists/oss-security/2016/09/05/4
- http://www.openwall.com/lists/oss-security/2016/09/05/5
- http://www.securityfocus.com/archive/1/539572/100/0/threaded
- http://www.securityfocus.com/bid/92752
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3a1
4.3a2
4.3b1
4.3b2
4.3rc1
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone