Description
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
Remediation
References
Related Vulnerabilities
OpenSSL CVE-2024-0727 Vulnerability (CVE-2024-0727)
Jenkins Incorrect Authorization Vulnerability (CVE-2023-27903)
concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11476)
Jetty Improper Access Control Vulnerability (CVE-2016-4800)
Oracle Database Server CVE-2014-4237 Vulnerability (CVE-2014-4237)