Description

Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.

Remediation

References

CVE-2011-1949

Related Vulnerabilities

MySQL CVE-2013-5881 Vulnerability (CVE-2013-5881)

WordPress Plugin RentPress Cross-Site Scripting (6.6.4)

WordPress Plugin Disqus Comment System Multiple Cross-Site Request Forgery Vulnerabilities (2.77)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14548)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-36160)

Severity

Low

Classification

CVE-2011-1949 CWE-707

Tags

Missing Update Known Vulnerabilities