collective.contact.widget is vulnerable to cross-site scripting. The vulnerability exists because the title function of widgets.py does not properly escape the title attribute before it is rendered, allowing an attacker to inject and execute malicious JavaScript.
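
The pattern this advisory describes, as an added example that is not code from collective.contact.widget: a title written into an HTML attribute and element body without escaping, next to the escaped form. The function names, the markup and the sample title are constructed for illustration.

```python
from html import escape

# Hypothetical stand-ins for a widget that renders a contact title;
# these are not the functions in collective.contact.widget's widgets.py.

MARKUP_CHARS = '<>"\'&'

# Constructed sample: a legitimate-looking title that happens to contain
# every character with special meaning in HTML text or attribute context.
SAMPLE_TITLE = 'Dr. "Ann" <b>O\'Neil</b> & Co'


def render_title_unescaped(title):
    """'Before' form: the title is interpolated into the markup as-is,
    so quotes end the attribute and tags are parsed by the browser."""
    return '<span class="contact" title="%s">%s</span>' % (title, title)


def render_title_escaped(title):
    """Hardened form: quote=True also encodes " and ', which matters
    because the value lands inside a double-quoted attribute."""
    safe = escape(title, quote=True)
    return '<span class="contact" title="%s">%s</span>' % (safe, safe)


def raw_title_survives(rendered, title):
    """Regression check: True when a title containing markup characters
    appears byte-for-byte in the rendered output (i.e. was not escaped)."""
    has_markup = any(ch in title for ch in MARKUP_CHARS)
    return has_markup and title in rendered


if __name__ == "__main__":
    for render in (render_title_unescaped, render_title_escaped):
        html_out = render(SAMPLE_TITLE)
        print(render.__name__, "->", html_out)
        print("  raw title survives:", raw_title_survives(html_out, SAMPLE_TITLE))
```

A check like raw_title_survives can be kept as a unit test around the real rendering function so that a later template change that drops the escaping fails the build.
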
CPE | Name | Operator | Version |
---|---|---|---|
collective.contact.widget | le | 1.12 | |