9 matches found
EUVD-2021-0190
Malware in sbrugna...
CVE-2021-33508
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
Cross-site scripting in Plone
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
GHSA-RMPV-RCP6-V8WC Cross-site scripting in Plone
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
CVE-2021-33508
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
CVE-2021-33508
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
PYSEC-2021-80
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
Code injection
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
CVE-2021-33508
The CVE-2021-33508 entry describes a XSS vulnerability in Plone versions up to 5.2.4 where the user’s full name is mishandled during rendering of the ownership tab, enabling cross-site scripting. Affected product: Plone CMS (up to 5.2.4). Root cause: improper handling of the fullname field in the...