PYSEC-2014-54

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-54.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-54

Aliases

CVE-2013-4190
GHSA-89rq-27xp-vgv7

Published

2014-03-11T19:37:00Z

Modified

2026-06-10T17:01:31.480563684Z

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1

Fixed

4.1.1

Introduced

4.2

Fixed

4.2.6

Introduced

4.3

Fixed

4.3.2

Affected versions

3.*

3.2a1

3.2rc1

3.2

3.2.1

3.2.2

3.2.3

3.3b1

3.3rc1

3.3rc2

3.3rc3

3.3rc4

3.3rc5

3.3

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

4.*

4.0a1

4.0a2

4.0a3

4.0a4

4.0a5

4.0b1

4.0b2

4.0b3

4.0b4

4.0b5

4.0rc1

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc2

4.1rc3

4.1

4.2

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.3

4.3.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-54.yaml"