PYSEC-2020-218

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-218.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2020-218

Aliases

CVE-2013-7062
GHSA-4793-w44w-m7xm

Published

2020-01-02T19:15:00Z

Modified

2023-11-01T04:45:20.442807Z

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browseridmanager or (2) OFS.Image method.

References

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3

Fixed

4.0a1

Introduced

4.0

Fixed

4.0.10

Introduced

4.1

Fixed

4.2a1

Introduced

4.2

Fixed

4.3a1

Introduced

4.3

Fixed

4.3.3

Affected versions

3.*

3.3

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

4.*

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3

4.3.1

4.3.2