PT-2021-20171 · Plone · Plone
Igor Margitich
·
Published
2021-05-21
·
Updated
2021-06-08
·
CVE-2021-33513
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Plone versions through 5.2.4
Description
The issue allows for cross-site scripting (XSS) attacks via the
inline diff methods in Products.CMFDiffTool. This can potentially lead to malicious script execution on the client-side.Recommendations
For Plone versions through 5.2.4, consider disabling the
inline diff methods in Products.CMFDiffTool as a temporary workaround until a patch is available. Restrict access to the affected Products.CMFDiffTool module to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Plone