GitHub Advisory Database: GHSA-H6HQ-C896-W882
History: Jul 23, 2018 - 9:01 p.m.

Low severity vulnerability that affects Plone

2018-07-23 21:01:10
CWE-79
GitHub Advisory Database
github.com

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 50.7%

Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.

Affected configurations

Vulners
Node: plone plone Range <4.0.6 OR plone plone Range <3.3.6

CPE Name Operator Version
plone lt 4.0.6
plone lt 3.3.6
