Description
Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."
Published: 2014-09-30
Score: 4.3 Medium
EPSS: 1.2% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2014-0054 Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to \"{u,}translate.\"
Github GHSA Github GHSA GHSA-3g6w-4m7x-97v6 Plone Cross-site scripting Vulnerability
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T21:05:47.247Z

Reserved: 2012-10-24T00:00:00.000Z

Link: CVE-2012-5494

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-09-30T14:55:06.280

Modified: 2026-06-16T23:46:53.000

Link: CVE-2012-5494

cve-icon Redhat

Severity : Moderate

Publid Date: 2012-11-06T00:00:00Z

Links: CVE-2012-5494 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')