Stored Cross-Site Scripting Issue in Plone CMS by Plone Foundation
CVE-2021-29002

5.4MEDIUM

Key Information:

Vendor

Plone

Status
Plone
Vendor
CVE Published:
24 March 2021

What is CVE-2021-29002?

A stored cross-site scripting (XSS) vulnerability is present in Plone CMS version 5.2.3, specifically in the site-controlpanel through the 'form.widgets.site_title' parameter. This vulnerability allows attacker-crafted scripts to be executed in the context of the user, potentially leading to session hijacking, data theft, or other malicious activities. Proper sanitization and validation of user input are critical to mitigate such risks, ensuring the integrity and security of web applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.exploit-db.com/exploits/49668
x_refsource_MISC
https://github.com/plone/Products.CMFPlone/issues/3255
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.