Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool · CVE-2011-1948 · GitHub Advisory Database · GitHub

Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool

Moderate severity GitHub Reviewed Published Jul 23, 2018 to the GitHub Advisory Database • Updated Feb 13, 2023

Package

Products.CMFPlone (pip)

Affected versions

< 4.0.7

>= 4.1a1, <= 4.1rc2

Patched versions

4.0.7

4.1rc3

Products.PasswordResetTool (pip)

< 2.0.6

2.0.6

Description

Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

References

Published by the National Vulnerability Database

Jun 6, 2011

Published to the GitHub Advisory Database Jul 23, 2018

Reviewed Jun 16, 2020

Last updated Feb 13, 2023