Description
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-25236)
WordPress Plugin Rich Reviews Multiple Vulnerabilities (1.7.3)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-3245)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.22)