Description

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.

Remediation

References

CVE-2010-2422

Related Vulnerabilities

ASP.NET MVC Improper Authentication Vulnerability (CVE-2018-8171)

WordPress Plugin WooCommerce Anti-Fraud Security Bypass (3.2)

Internet Information Services Other Vulnerability (CVE-2000-0167)

WordPress Plugin Custom Field Suite Security Bypass (2.4)

Zope Web Application Server Other Vulnerability (CVE-2001-1278)

Severity

Medium

Classification

CVE-2010-2422 CWE-707

Tags

Missing Update Known Vulnerabilities