Home page logo
/

bugtraq logo Bugtraq mailing list archives

[CVE-REQUEST] Plone XSS and permission errors
From: matthew () matthewwilkes name
Date: Thu, 26 May 2011 08:06:06 -0600

Hello all,

As a member of the Plone security response team I hereby notify you that we have been made aware of three distinct 
security holes in Plone and are requesting CVE identifiers.


1. Reflected XSS attack
A crafted URL can display arbitrary HTML output


2. Persistent XSS attack
Certain valid HTML will allow Javascript filtering to be bypassed.


3. Unauthorised data changes
One change form for data allows preferences to be changed.  No deletion of content of loss of confidentiality is 
possible.


Thanks very much, 

Matthew


  By Date           By Thread  

Current thread:
  • [CVE-REQUEST] Plone XSS and permission errors matthew (May 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]