Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00NzkzLXc0NHctbTd4bc3grw

Plone Zope cross-site scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.

Permalink: https://github.com/advisories/GHSA-4793-w44w-m7xm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NzkzLXc0NHctbTd4bc3grw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 8 months ago

CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-4793-w44w-m7xm, CVE-2013-7062
References:

Blast Radius: 5.2

Affected Packages

pypi:plone

Dependent packages: 5
Dependent repositories: 7
Downloads: 7,986 last month
Affected Version Ranges: >= 4.3, < 4.3.2, >= 4.1, < 4.1.6, >= 4.0, < 4.0.9, >= 3.3, < 3.3.6
Fixed in: 4.3.2, 4.1.6, 4.0.9, 3.3.6
All affected versions: 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.3.1
All unaffected versions: 3.2.1, 3.2.2, 3.2.3, 3.3.6, 4.0.9, 4.0.10, 4.1.6, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11