Low severity vulnerability that affects Plone
Low severity
GitHub Reviewed
Published Jul 23, 2018 to the GitHub Advisory Database • Updated Jan 9, 2023
Package
Affected versions
>= 3.3.2, < 3.3.6
>= 4.0, < 4.0.6
Patched versions
3.3.6
4.0.6
Description
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
Reviewed Jun 16, 2020