Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12M2hwLWY4cXItY2YzcM4AAV9r

Plone XSS

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Permalink: https://github.com/advisories/GHSA-v3hp-f8qr-cf3p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12M2hwLWY4cXItY2YzcM4AAV9r
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 6 months ago

CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-v3hp-f8qr-cf3p, CVE-2016-7138
References:

Blast Radius: 5.2

Affected Packages

pypi:plone

Dependent packages: 5
Dependent repositories: 7
Downloads: 7,986 last month
Affected Version Ranges: >= 3.3.0, <= 3.3.6, >= 4.0.0, <= 4.3.11, >= 5.0.0, <= 5.0.6
No known fixed version
All affected versions: 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6