Description
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
Remediation
References
Related Vulnerabilities
Ruby Improper Input Validation Vulnerability (CVE-2009-4492)
WordPress Plugin Easy Registration Forms CSV Injection (2.0.6)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-4613)
WordPress Plugin WP Easy Gallery Cross-Site Scripting (4.1.3)
WordPress Plugin Dropbox Folder Share Server-Side Request Forgery (1.9.7)