Cross-Site Scripting Vulnerability in Plone by Plone Foundation
CVE-2021-33513

5.4MEDIUM

Key Information:

Vendor

Plone

Status
Plone
Vendor
CVE Published:
21 May 2021

What is CVE-2021-33513?

Plone version 5.2.4 has a vulnerability that allows for Cross-Site Scripting (XSS) attacks through the inline_diff methods in the Products.CMFDiffTool module. By exploiting this vulnerability, an attacker could inject malicious scripts into web pages viewed by users, compromising user data and potentially leading to unauthorized actions. It is critical for users of affected versions to apply the security hotfix promptly to protect their installations from exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://plone.org/security/hotfix/20210518/xss-vulnerabil...
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/05/22/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.