PYSEC-2020-86

Source
https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-86.yaml
Aliases
  • CVE-2020-7937
Published
2020-01-23T21:15:00Z
Modified
2020-01-24T23:07:00Z
Details

An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.

References

Affected packages

PyPI / plone

plone

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0
Fixed
5.2.2

Affected versions

5.*

5.0
5.0.1
5.0.10
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1a1
5.1a2
5.1b1
5.1b2
5.1b3
5.1b4
5.1rc1
5.1rc2
5.2.0
5.2.1
5.2a1
5.2a2
5.2b1
5.2rc1
5.2rc2
5.2rc3
5.2rc4
5.2rc5