3 matches found
CVE-2021-3313
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting XSS vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...
CVE-2021-3313
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting XSS vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...
CVE-2021-3313
Plone CMS affected: versions up to and including 5.2.4. The issue is a stored XSS in the user fullname attribute and file upload handling, caused by input not being properly encoded when echoed back. Impact is that an attacker can inject JavaScript that executes in the victim’s browser when inter...