Lucene search
HistoryOct 03, 2022 - 4:21 p.m.
CVE-2010-2422
cve
2010-2422
cross-site scripting
xss
vulnerability
portaltransforms
plone
remote attackers
web script
html
safe_html transform
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.8%
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.
Affected configurations
Node
ploneploneMatch2.1
ORploneploneMatch2.1.1
ORploneploneMatch2.1.2
ORploneploneMatch2.1.3
ORploneploneMatch2.1.4
ORploneploneMatch2.5
ORploneploneMatch2.5.1
ORploneploneMatch2.5.2
ORploneploneMatch2.5.3
ORploneploneMatch2.5.4
ORploneploneMatch2.5.5
ORploneploneMatch3.0
ORploneploneMatch3.0.1
ORploneploneMatch3.0.2
ORploneploneMatch3.0.3
ORploneploneMatch3.0.4
ORploneploneMatch3.0.5
ORploneploneMatch3.0.6
ORploneploneMatch3.1
ORploneploneMatch3.1.1
ORploneploneMatch3.1.2
ORploneploneMatch3.1.3
ORploneploneMatch3.1.4
ORploneploneMatch3.1.5.1
ORploneploneMatch3.1.6
ORploneploneMatch3.1.7
ORploneploneMatch3.2
ORploneploneMatch3.2.1
ORploneploneMatch3.2.2
ORploneploneMatch3.2.3
ORploneploneMatch3.3
ORploneploneMatch3.3.1
ORploneploneMatch3.3.2
ORploneploneMatch3.3.3
ORploneploneMatch3.3.4
ORploneploneMatch3.3.5
Related
osv
osv
PYSEC-2010-19
2010-06-24 12:17:00
Plone Cross-site Scripting vulnerability in PortalTransforms
2022-05-17 05:50:05
Low severity vulnerability that affects Plone
2018-07-23 21:01:10
cvelist
cvelist
CVE-2010-2422
2022-10-03 16:21:08
CVE-2011-1949
2011-06-06 19:00:00
nvd
nvd
CVE-2010-2422
2010-06-24 12:17:44
CVE-2011-1949
2011-06-06 19:55:02
github
github
Plone Cross-site Scripting vulnerability in PortalTransforms
2022-05-17 05:50:05
Low severity vulnerability that affects Plone
2018-07-23 21:01:10
prion
prion
Cross site scripting
2010-06-24 12:17:00
Cross site scripting
2011-06-06 19:55:00
cve
cve
CVE-2011-1949
2011-06-06 19:55:02
ubuntucve
ubuntucve
CVE-2011-1949
2011-06-06 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.8%
Related for CVE-2010-2422