—

PYSEC-2017-53

Details

Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / plone

Introduced in: 0 Fixed in: 3da710a2cd68587f0bf34f2e7ea1167d6eeee087

Fix pip install --upgrade 'plone>=3da710a2cd68587f0bf34f2e7ea1167d6eeee087'

References

https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone [WEB]
https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087 [FIX]
https://bugzilla.redhat.com/show_bug.cgi?id=1264788 [REPORT]
http://www.openwall.com/lists/oss-security/2015/09/22/14 [WEB]