Description
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-0188 | Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload. |
Github GHSA |
GHSA-hprr-4vfq-fcxw | Plone XSS in User Fullname Property and File Upload |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-03T16:53:17.569Z
Reserved: 2021-01-26T00:00:00.000Z
Link: CVE-2021-3313
No data.
Status : Modified
Published: 2021-05-20T16:15:08.283
Modified: 2026-06-17T04:04:55.457
Link: CVE-2021-3313
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD
Github GHSA