Description

Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.

Remediation

References

CVE-2011-1949

Related Vulnerabilities

WordPress Plugin Quick Cache (Speed Without Compromise) Unspecified Vulnerability (140725)

WordPress Plugin Import and export users and customers Multiple Vulnerabilities (1.9.4.6)

XWiki Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-37913)

Liferay DXP CVE-2021-38266 Vulnerability (CVE-2021-38266)

WordPress Plugin Zoho SalesIQ Multiple Vulnerabilities (1.0.8)

Severity

Low

Classification

CVE-2011-1949 CWE-707

Tags

Missing Update Known Vulnerabilities