CVE-2017-1000482
03.01.2018, 18:29
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
| Vendor | Product | Version |
|---|---|---|
| plone | plone | 𝑥 ≤ 5.0.9 |
| plone | plone | 5.1:a1 |
| plone | plone | 5.1:a2 |
| plone | plone | 5.1:b2 |
| plone | plone | 5.1:b3 |
| plone | plone | 5.1:b4 |
| plone | plone | 5.1:rc1 |
𝑥
= Vulnerable software versions