cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-05-21
Updated
2021-05-24
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-05-21
Updated
2021-05-24
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-05-21
Updated
2021-05-24
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-05-21
Updated
2021-05-27
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.
Max CVSS
5.4
EPSS Score
0.08%
Published
2021-05-20
Updated
2021-05-25
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!