Stored XSS from user fullname
Versions affected
- 5.2.4
- 5.2.3
- 5.2.2
- 5.2.1
- 5.2.0
- 5.1rc2
- 5.1rc1
- 5.1b4
- 5.1b3
- 5.1b2
- 5.1a2
- 5.1a1
- 5.1.7
- 5.1.6
- 5.1.5
- 5.1.4
- 5.1.2
- 5.1.1
- 5.1
- 5.0rc3
- 5.0rc2
- 5.0rc1
- 5.0.9
- 5.0.8
- 5.0.7
- 5.0.6
- 5.0.5
- 5.0.4
- 5.0.3
- 5.0.2
- 5.0.10
- 5.0.1
- 5.0
Vulnerability
On Plone 5, a user could put a script tag in the full name field of the user details. In most places the value is displayed escaped and has no effect. On the ownership tab of a content item, however, an editor could search for the name and click on it, and the script code would then be executed.
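The failure described above, where one output path skips the escaping that the others apply, can be caught by rendering a marker value through every view that displays the full name. The following is an added example, not Plone code: the three render functions are hypothetical stand-ins for templates, and CANARY is a constructed value.

```python
import html

# Constructed marker: markup that must never reach a page unescaped.
CANARY = "<script>/*fullname-canary*/</script>"


def render_author_byline(fullname):
    """Hypothetical view that escapes the stored value (the common case)."""
    return '<span class="author">%s</span>' % html.escape(fullname)


def render_ownership_result_vulnerable(fullname):
    """Hypothetical search-result row that inserts the stored value as raw HTML."""
    return '<li class="owner-result">%s</li>' % fullname


def render_ownership_result_fixed(fullname):
    """The same hypothetical row with the value escaped at output time."""
    return '<li class="owner-result">%s</li>' % html.escape(fullname)


# Every place the full name is displayed gets an entry (names are assumptions).
RENDERERS = {
    "author_byline": render_author_byline,
    "ownership_vulnerable": render_ownership_result_vulnerable,
    "ownership_fixed": render_ownership_result_fixed,
}


def unescaped_sinks(renderers, value=CANARY):
    """Return the names of renderers whose output contains the value verbatim."""
    if html.escape(value) == value:
        # A value with no special characters cannot tell escaped from raw output.
        raise ValueError("marker must contain characters that escaping changes")
    return sorted(name for name, render in renderers.items()
                  if value in render(value))


if __name__ == "__main__":
    for name in unescaped_sinks(RENDERERS):
        print("unescaped full name in:", name)
```

Run as a regression test, the check fails as soon as any view in the table emits the stored name without escaping, even when every other view handles it correctly.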
Current status
Hotfixed.
Credits
Discovered by
- Tino Kautschke
Fixed by
- Plone Security Team
Coordinated by
- Plone Security Team