PYSEC-2026-730

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2026-730.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-730
Aliases
Published
2026-07-02T14:13:21.174937Z
Modified
2026-07-06T08:00:51.393194143Z
Summary
Plone Cross-site Scripting vulnerability in the LiveSearch module
Details

Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.

References

Affected packages

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.4

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2026-730.yaml"