—

PYSEC-2021-79

Details

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / plone

Introduced in: 0 Fixed in: 5.2.5

Fix pip install --upgrade 'plone>=5.2.5'

References

https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots [WEB]
http://www.openwall.com/lists/oss-security/2021/05/22/1 [WEB]
https://github.com/advisories/GHSA-35rg-466w-77h3 [ADVISORY]