Description

Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2012-5504

Related Vulnerabilities

PHP Observable Discrepancy Vulnerability (CVE-2024-2408)

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10378)

WordPress Plugin Blog Designer Cross-Site Scripting (1.8.11)

Django Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33571)

Apache HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-0226)

Severity

Medium

Classification

CVE-2012-5504 CWE-707

Tags

Missing Update Known Vulnerabilities