Description
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
Remediation
References
Related Vulnerabilities
WordPress Plugin Formidable-Clockwork SMS Cross-Site Scripting (1.0.3)
OpenSSL Resource Management Errors Vulnerability (CVE-2009-4355)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9041)
Jenkins Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2018-1999043)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7848)