Description
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
Remediation
References
Related Vulnerabilities
WordPress Plugin Auto Publish for Google My Business Cross-Site Scripting (3.3)
Moodle Incorrect Authorization Vulnerability (CVE-2021-40692)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2203)
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-10188)
phpMyFAQ Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2017-11187)