CVE-2021-33508
- Source
- https://cve.org/CVERecord?id=CVE-2021-33508
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33508.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-33508
- Aliases
- Published
- 2021-05-21T22:15:08.507Z
- Modified
- 2025-11-20T11:44:57.938132Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
- References
Affected packages
Git / github.com/plone/plone
Affected ranges
- Type
- GIT
- Repo
- https://github.com/plone/plone
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
4.*
4.1.0
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc1
4.1rc2
4.1rc3
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.3
4.3.1
4.3a1
4.3a2
4.3b1
4.3b2
5.*
5.0
5.0.1
5.0.2
5.0a2
5.0a3
5.0b1
5.0b3
5.0b4
5.0rc1
5.0rc2
5.0rc3
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1a1
5.1a2
5.1b1
5.1b2
5.1b3
5.1b4
5.1rc1
5.1rc2
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2a1
5.2a2
5.2b1
5.2rc1
5.2rc2
5.2rc3
5.2rc4
5.2rc5