2 matches found
CVE-2021-33508
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
CVE-2021-33508
The CVE-2021-33508 entry describes a XSS vulnerability in Plone versions up to 5.2.4 where the user’s full name is mishandled during rendering of the ownership tab, enabling cross-site scripting. Affected product: Plone CMS (up to 5.2.4). Root cause: improper handling of the fullname field in the...