PT-2021-21080 · Plone · Plone

Matt Moreschi

·

Published

2021-06-30

·

Updated

2022-05-24

·

CVE-2021-35959

CVSS v3.1

5.4

Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Plone versions 5.0 through 5.2.4
Description: Stored cross-site scripting (XSS) in the folder contents view. A user holding the Contributor role can create a folder whose description field contains a SCRIPT tag. When a user holding the Editor role opens the folder contents view, the stored description is rendered without escaping and the script executes in the Editor's browser session. This is why the CVSS vector carries PR:L (the attacker needs a Contributor account), UI:R (an Editor has to open the view) and S:C (the payload runs in another user's session).
Recommendations: Upgrade to a Plone release that includes the fix for CVE-2021-35959. Until the upgrade is in place, limit the Contributor role to trusted accounts and restrict who may edit the description field, and audit existing folder descriptions for markup that a Contributor may already have stored. Note that the vulnerable view is the Editor's, so removing the folder contents view from Contributors does not by itself remove the exposure; the risk lies in what Contributors can store.
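The failure mode above, and the two checks a site operator would want, as an added example written for this entry. It is not Plone's own code: the Folder class is a hypothetical stand-in carrying only the two fields the advisory concerns, the sample folders are constructed, and render_row_vulnerable only reproduces the effect described (untrusted description interpolated straight into HTML) beside render_row_fixed, which escapes on output. find_suspicious is the audit pass: a plain-text description field should never contain a tag, so any angle-bracket markup in stored descriptions is worth a human look before an Editor opens the view.

```python
import html
import re
from dataclasses import dataclass


@dataclass
class Folder:
    """Hypothetical stand-in for a Plone folder (not Plone's content type)."""
    title: str
    description: str


# Constructed sample content: one benign folder and two planted by a
# Contributor-level account. The payloads are the shape the advisory
# describes (a SCRIPT tag in the description) plus one tag-attribute variant.
SAMPLE_FOLDERS = [
    Folder("Reports", "Quarterly reports for 2021"),
    Folder("Tools", "Useful tools <script>alert(document.cookie)</script>"),
    Folder("Shared", 'Handover notes <img src=x onerror="alert(1)">'),
]


def render_row_vulnerable(folder: Folder) -> str:
    """Reproduces the failure mode: the stored description reaches the
    folder contents table without escaping, so a stored tag becomes live
    markup in the Editor's browser."""
    return f"<tr><td>{folder.title}</td><td>{folder.description}</td></tr>"


def render_row_fixed(folder: Folder) -> str:
    """Escape every untrusted field on output. quote=True also encodes
    quotes so the value cannot break out of an attribute either."""
    return (
        f"<tr><td>{html.escape(folder.title, quote=True)}</td>"
        f"<td>{html.escape(folder.description, quote=True)}</td></tr>"
    )


# A description is plain text, so an opening or closing tag (`<` or `</`
# followed by a letter) has no legitimate reason to be there.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def find_suspicious(folders: list[Folder]) -> list[str]:
    """Audit pass: return the titles of folders whose description already
    contains markup, i.e. content an operator should review or clean up."""
    return [f.title for f in folders if MARKUP_RE.search(f.description)]


def has_live_script(rendered_html: str) -> bool:
    """True if a rendered row still contains an unescaped SCRIPT tag."""
    return re.search(r"<\s*script", rendered_html, re.IGNORECASE) is not None


if __name__ == "__main__":
    for folder in SAMPLE_FOLDERS:
        print("vulnerable:", render_row_vulnerable(folder))
        print("fixed:     ", render_row_fixed(folder))
    print("needs review:", find_suspicious(SAMPLE_FOLDERS))
```

Run against real content, find_suspicious would be pointed at the descriptions pulled from the catalog rather than at the constructed list, and the fixed renderer is only a model of the principle (escape at the template boundary); the actual fix belongs in the patched Plone release, not in a local patch of the view.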

Fix

XSS

Related Identifiers

CVE-2021-35959
GHSA-qfhw-fv3g-v836
PYSEC-2021-110

Affected Products

Plone