PYSEC-2021-110

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-110.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2021-110

Aliases

CVE-2021-35959
GHSA-qfhw-fv3g-v836

Published

2021-06-30T01:15:00Z

Modified

2024-04-22T23:12:23.024982Z

Summary

[none]

Details

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.

References

https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents
http://www.openwall.com/lists/oss-security/2021/06/30/2

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0

Fixed

5.2.5

Affected versions

5.*

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4