Description
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
Remediation
References
Related Vulnerabilities
Envoy Proxy CVE-2024-45807 Vulnerability (CVE-2024-45807)
MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1190)
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2015-8617)
WordPress Plugin Connections Business Directory Unspecified Vulnerability (0.7.1.5)
Moodle Improper Input Validation Vulnerability (CVE-2017-2576)