CVE-2008-4571

Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
ploneplone
𝑥
≤ 3.0.3
ploneplone
2.0.5
ploneplone
2.1.2
ploneplone
2.5
ploneplone
2.5.1
ploneplone
2.5.1_rc:_rc
ploneplone
2.5.4
ploneplone
2.5_beta1:_beta1
ploneplone
3.0
ploneplone
3.0.1
ploneplone
3.0.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
plone3
hardy
dne
gutsy
dne
dapper
dne
Common Weakness Enumeration
References
http://dev.plone.org/plone/ticket/7439
http://osvdb.org/40660
http://plone.org/products/plone/releases/3.0.4
http://secunia.com/advisories/28293
http://www.securityfocus.com/bid/27098
http://dev.plone.org/plone/ticket/7439
http://osvdb.org/40660
http://plone.org/products/plone/releases/3.0.4
http://secunia.com/advisories/28293
http://www.securityfocus.com/bid/27098