PYSEC-2021-110

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-110.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2021-110

Aliases

Published

2021-06-30T01:15:00Z

Modified

2024-04-22T23:12:23.024982Z

Summary

[none]

Details

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.

References

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0

Fixed

5.2.5

Affected versions

5.*

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-110.yaml"