CVE-2012-5502

Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
ploneplone
𝑥
≤ 4.2.2
ploneplone
1.0
ploneplone
1.0.1
ploneplone
1.0.2
ploneplone
1.0.3
ploneplone
1.0.4
ploneplone
1.0.5
ploneplone
1.0.6
ploneplone
2.0
ploneplone
2.0.1
ploneplone
2.0.2
ploneplone
2.0.3
ploneplone
2.0.4
ploneplone
2.0.5
ploneplone
2.1
ploneplone
2.1.1
ploneplone
2.1.2
ploneplone
2.1.3
ploneplone
2.1.4
ploneplone
2.5
ploneplone
2.5.1
ploneplone
2.5.2
ploneplone
2.5.3
ploneplone
2.5.4
ploneplone
2.5.5
ploneplone
3.0
ploneplone
3.0.1
ploneplone
3.0.2
ploneplone
3.0.3
ploneplone
3.0.4
ploneplone
3.0.5
ploneplone
3.0.6
ploneplone
3.1
ploneplone
3.1.1
ploneplone
3.1.2
ploneplone
3.1.3
ploneplone
3.1.4
ploneplone
3.1.5.1
ploneplone
3.1.6
ploneplone
3.1.7
ploneplone
3.2
ploneplone
3.2.1
ploneplone
3.2.2
ploneplone
3.2.3
ploneplone
3.3
ploneplone
3.3.1
ploneplone
3.3.2
ploneplone
3.3.3
ploneplone
3.3.4
ploneplone
3.3.5
ploneplone
4.0
ploneplone
4.0.1
ploneplone
4.0.2
ploneplone
4.0.3
ploneplone
4.0.4
ploneplone
4.0.5
ploneplone
4.0.6.1
ploneplone
4.1
ploneplone
4.1.4
ploneplone
4.1.5
ploneplone
4.1.6
ploneplone
4.2
ploneplone
4.2:a1
ploneplone
4.2:a2
ploneplone
4.2:b1
ploneplone
4.2:b2
ploneplone
4.2:rc1
ploneplone
4.2:rc2
ploneplone
4.2.0.1
ploneplone
4.2.1
ploneplone
4.2.1.1
ploneplone
4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2012/11/10/1
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
https://plone.org/products/plone-hotfix/releases/20121106
https://plone.org/products/plone/security/advisories/20121106/18
http://www.openwall.com/lists/oss-security/2012/11/10/1
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
https://plone.org/products/plone-hotfix/releases/20121106
https://plone.org/products/plone/security/advisories/20121106/18