CVE-2021-33512

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-33512

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33512.json

Aliases

GHSA-hm2h-f456-6j88
PYSEC-2021-84

Published

2021-05-21T22:15:08Z

Modified

2023-11-29T08:55:20.937339Z

Details

Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.

References

https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
http://www.openwall.com/lists/oss-security/2021/05/22/1

Affected packages

Git / github.com/plone/plone

Affected ranges

Type: GIT
Repo: https://github.com/plone/plone
Events: Introduced

0The exact introduced commit is unknown

Last affected

d5b50de9c17faac5051d06141bd12cd3e40af8e8

Affected versions

4.*

4.1.0

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc1

4.1rc2

4.1rc3

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.3

4.3.1

4.3a1

4.3a2

4.3b1

4.3b2

5.*

5.0

5.0.1

5.0.2

5.0a2

5.0a3

5.0b1

5.0b3

5.0b4

5.0rc1

5.0rc2

5.0rc3

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5