GHSA-qfhw-fv3g-v836

Source

https://github.com/advisories/GHSA-qfhw-fv3g-v836

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qfhw-fv3g-v836/GHSA-qfhw-fv3g-v836.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-qfhw-fv3g-v836

Aliases

Published

2022-05-24T19:06:41Z

Modified

2024-10-18T22:00:51.325634Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

Plone has stored XSS in folder contents

Details

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.

Database specific

{
    "github_reviewed_at": "2024-04-22T22:51:04Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "nvd_published_at": "2021-06-30T01:15:00Z"
}

References

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0

Last affected

5.2.4

Affected versions

5.*

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qfhw-fv3g-v836/GHSA-qfhw-fv3g-v836.json"