Persistent XSS
This is a persistent cross-site scripting (XSS) vulnerability. A user can craft markup that bypasses Plone's safe_html filter, and so insert and save arbitrary HTML with malicious content.
Versions affected
- 4.0.5
- 4.0.4
- 4.0.3
- 4.0.2
- 4.0.1
- 4.0
- 3.3.5
- 3.3.4
- 3.3.3
- 3.3.2
Vulnerability
Current status
Credits
Discovered by
- Daniel Berlin (Google)
- Dan Bentley (Google)
- Brian Peters (Independent)
Fixed by
- Plone Security Team
Coordinated by
- Plone Security Team