CVE-2008-4571

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pypi/Plone

Identifiers

GHSA-46f9-f8jm-mw2x, CVE-2008-4571

Package Slug

pypi/Plone

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror JavaScript event in an IMG tag.

Affected Versions

All versions before 3.0.4

Solution

Upgrade to version 3.0.4 or above.

Last Modified

2024-02-12
