Non-Persistent XSS in Plone

Versions affected

5.0rc1
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1
4.0.10
4.0.9
4.0.8
4.0.7
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2
3.3.1
3.3

Vulnerability

Plone's URL checking infrastructure includes a method for checking if URLs valid and located in the Plone site. By passing HTML into this specially crafted url, XSS can be achieved. Fixed here: https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087

Current status

Patched

Credits

Discovered by

Peter Uittenbroek

Fixed by

Plone Security Team

Coordinated by

Plone Security Team

Contact

You can contact the security team confidentially by email at security@plone.org

More information

CVE Identifier

CVE-2015-7316

Type

XSS

Severity

4.3 – medium
Vector	Network
Complexity	Medium
Authentication	None
Confidentiality	None
Integrity	Partial
Availability	None

Timeline

Vulnerability reported: 2014-12-05
Hotfix released: 2015-09-10