—

PYSEC-2010-19

Details

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / plone

Introduced in: 0 Fixed in: 3.3.5

Fix pip install --upgrade 'plone>=3.3.5'

References

http://secunia.com/advisories/40270 [ADVISORY]
http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html [ADVISORY]
http://www.securityfocus.com/bid/40999 [WEB]