collective.dms.basecontent is vulnerable to cross-site scripting. The vulnerability exists in the renderCell
function of column.py
due to missing escape characters which allows an attacker to inject and execute malicious JavaScript.
CPE | Name | Operator | Version |
---|---|---|---|
collective.dms.basecontent | le | 1.6 | |
collective.dms.basecontent | le | 0.6 | |
collective.dms.basecontent | le | 1.6 | |
collective.dms.basecontent | le | 0.6 |