Description
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Input Validation Vulnerability (CVE-2014-0095)
WordPress Plugin Spreadsheet Cross-Site Scripting (2.0)
Oracle Application Server Other Vulnerability (CVE-2002-0559)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20100)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4112)