CVE-2021-3313

Published: 20/05/2021 Updated: 25/05/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows a malicious user to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.

Vulnerable Product

plone plone

Mailing Lists

CVE numbers inline below. Thanks.

On 21/05/2021 16:07, Maurits van Rees wrote:

CVE-2021-33509 CVE-2021-33512 CVE-2021-33507 CVE-2021-33513 CVE-2021-33508 issued, but I forgot that the original reporter already reserved CVE-2021-3313 which is public now with his report My bad CVE-2021-33510 CVE-2021-33511 -- Maurits van Re ...