2 matches found
PYSEC-2014-46
Cross-site scripting (XSS) vulnerability in widgettraversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PT-2014-2327 · Plone +1 · Plone +1
Name of the Vulnerable Software and Affected Versions:
Plone versions prior to 4.2.3
Plone version 4.3 before beta 1
Description: The issue allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. This is possible due to a flaw in the...