Safety vulnerability ID: 37753
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. See: CVE-2013-7062.
Latest version: 6.1.1
The Plone Content Management System
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.
CONFIRM:https://plone.org/security/20131210/zope-xss-in-OFS: https://plone.org/security/20131210/zope-xss-in-OFS
CONFIRM:https://plone.org/security/20131210/zope-xss-in-browseridmanager: https://plone.org/security/20131210/zope-xss-in-browseridmanager
MISC:http://seclists.org/oss-sec/2013/q4/467: http://seclists.org/oss-sec/2013/q4/467
MISC:http://seclists.org/oss-sec/2013/q4/485: http://seclists.org/oss-sec/2013/q4/485
MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/89623: https://exchange.xforce.ibmcloud.com/vulnerabilities/89623
MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/89627: https://exchange.xforce.ibmcloud.com/vulnerabilities/89627
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application