2 matches found
PYSEC-2014-46
Cross-site scripting XSS vulnerability in widgettraversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-7146
IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to 1 KnowledgeImpactCourse.htm, 2 LRN-formattedCourse.htm, or 3 CreateCourse.htm in help/1/Instructor/, which reveals the installation path in...