Plone has stored XSS in folder contents
Moderate severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Oct 18, 2024
Description
Published by the National Vulnerability Database
Jun 30, 2021
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Apr 22, 2024
Last updated
Oct 18, 2024
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
References