CVE-2015-7316: Non-Persistent XSS

September 25, 2017 (updated October 3, 2017)

Plone’s URL checking infrastructure includes a method for checking if URLs valid and located in the Plone site. By passing HTML into this specially crafted url, XSS can be achieved.

References

github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087
plone.org/security/20150910/
plone.org/security/20150910/non-persistent-xss-in-plone
pypi.python.org/pypi/Products.PloneHotfix20150910

Detect and mitigate CVE-2015-7316 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →