2 matches found
CVE-2021-33512
Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...
CVE-2021-33512
Plone up to version 5.2.4 is affected by a stored XSS vulnerability. The issue allows an attacker (Contributor) to upload an SVG or HTML document, enabling stored cross-site scripting in affected content. Root cause is improper handling of file uploads that can inject script into pages. Affected:...