Plone XSS Vulnerability · CVE-2021-29002 · GitHub Advisory Database · GitHub

Plone XSS Vulnerability

Moderate severity GitHub Reviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Nov 22, 2024

Package

plone (pip)

Affected versions

<= 5.2.3

Patched versions

None

Description

A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the form.widgets.site_title parameter.

References

Published by the National Vulnerability Database

Mar 24, 2021

Published to the GitHub Advisory Database May 24, 2022

Reviewed Apr 22, 2024

Last updated Nov 22, 2024