GHSA-8mc4-2xrc-g582

Source

https://github.com/advisories/GHSA-8mc4-2xrc-g582

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8mc4-2xrc-g582/GHSA-8mc4-2xrc-g582.json

Aliases

CVE-2020-7937
PYSEC-2020-86

Published

2022-05-24T17:07:14Z

Modified

2024-02-16T08:05:34.230174Z

Summary

Plone cross site scripting (XSS)

Details

An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-7937
https://plone.org/security/hotfix/20200121
https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher
https://www.openwall.com/lists/oss-security/2020/01/22/1
http://www.openwall.com/lists/oss-security/2020/01/24/1

Affected packages

PyPI / plone

Package

Name: plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0

Last affected

5.2.1

Affected versions

5.*

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

5.2.0

5.2.1