PYSEC-2020-86

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-86.yaml

Aliases

CVE-2020-7937
GHSA-8mc4-2xrc-g582

Published

2020-01-23T21:15:00Z

Modified

2023-11-08T04:04:11.621359Z

Details

An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.

References

https://plone.org/security/hotfix/20200121
https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher
https://www.openwall.com/lists/oss-security/2020/01/22/1
http://www.openwall.com/lists/oss-security/2020/01/24/1

Affected packages

PyPI / plone

Package

Name: plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0

Fixed

5.2.2

Affected versions

5.*

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

5.2.0

5.2.1