Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1wcDRjLTI2OTItN2YzN84AAV9s

Plone Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Permalink: https://github.com/advisories/GHSA-pp4c-2692-7f37
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wcDRjLTI2OTItN2YzN84AAV9s
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 19 days ago

CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-pp4c-2692-7f37, CVE-2016-7139
References:

Blast Radius: 5.2

Affected Packages

pypi:Plone

Dependent packages: 5
Dependent repositories: 7
Downloads: 8,914 last month
Affected Version Ranges: >= 3.3.0, < 4.3.12, >= 5.0.0, < 5.0.6
Fixed in: 4.3.12, 5.0.6
All affected versions: 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5
All unaffected versions: 3.2.1, 3.2.2, 3.2.3, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11