CVE-2011-1340

CVE-2011-1340 describes a cross-site scripting (XSS) vulnerability in the Plone CMS. The flaw resides in skins/plone_templates/default_error_message.pt and allows injection of arbitrary script/HTML via the type_name parameter to Members/ipa/createObject. Affected versions are Plone up to 2.5.2 (b...