Description
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Symposium Cross-Site Scripting (13.02)
WordPress 3.7.x Possible SQL Injection Vulnerability (3.7 - 3.7.22)
WebLogic Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-11040)
WordPress Plugin Real-Time Find and Replace Cross-Site Scripting (3.8)
WordPress Plugin Advanced Contact form 7 DB Arbitrary File Upload (1.4.4)