Lucene search

GitHub Advisory DatabaseGHSA-QJ7X-WM9Q-QJX8

HistoryMay 17, 2022 - 5:50 a.m.

Plone Cross-site Scripting vulnerability in PortalTransforms

2022-05-1705:50:05

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.7%

JSON

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.5 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.

Affected configurations

Vulners

Node

ploneploneRange2.1≥

ploneploneRange≤3.3.5

CPENameOperatorVersion
plonege2.1
plonele3.3.5

CPE	Name	Operator	Version
	plone	ge	2.1
	plone	le	3.3.5

References

plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html

github.com/advisories/GHSA-qj7x-wm9q-qjx8

nvd.nist.gov/vuln/detail/CVE-2010-2422

web.archive.org/web/20100728161728/secunia.com/advisories/40270

web.archive.org/web/20200228223808/www.securityfocus.com/bid/40999

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.7%

JSON

Related for GHSA-QJ7X-WM9Q-QJX8