Description
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
Remediation
References
Related Vulnerabilities
Jboss EAP Incorrect Authorization Vulnerability (CVE-2019-14843)
WordPress Plugin Duplicate Page and Post SQL Injection (2.5.6)
WordPress Plugin WordPress Simple Shopping Cart Cross-Site Scripting (4.6.1)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2019-11039)
WordPress Plugin 2 Click Social Media Buttons 'xing-url' Parameter Cross-Site Scripting (0.32.2)