Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26419
HistoryMay 26, 2011 - 12:00 a.m.

[CVE-REQUEST] Plone XSS and permission errors

2011-05-2600:00:00
vulners.com
9
JSON

Hello all,

As a member of the Plone security response team I hereby notify you that we have been made aware of three
distinct security holes in Plone and are requesting CVE identifiers.

  1. Reflected XSS attack
    A crafted URL can display arbitrary HTML output

  2. Persistent XSS attack
    Certain valid HTML will allow Javascript filtering to be bypassed.

  3. Unauthorised data changes
    One change form for data allows preferences to be changed. No deletion of content of loss of confidentiality is
    possible.

Thanks very much,

Matthew

JSON