Description

A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.

Remediation

References

CVE-2017-1000482

Related Vulnerabilities

MySQL CVE-2015-0498 Vulnerability (CVE-2015-0498)

WordPress Plugin Smart Marketing SMS and Newsletters Forms Security Bypass (2.6.1)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2206)

WordPress Plugin Bookmarkify Multiple Vulnerabilities (2.9.2)

Oracle Database Server CVE-2008-1821 Vulnerability (CVE-2008-1821)

Severity

Medium

Classification

CVE-2017-1000482 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities