Plone's URL checking infrastructure includes a method for checking whether a URL is valid and located within the Plone site. By passing HTML in a specially crafted URL to this method, XSS can be achieved. Versions affected are Plone 3.x, 4.1.x, 4.2.x, <4.3.7, <5.0rc1. Upstream patch: https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087 CVE request: http://seclists.org/oss-sec/2015/q3/587
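The bug class behind this advisory, a URL validity/location check whose result page reflects the caller-supplied URL into HTML without escaping, is illustrated below. This is a constructed example written for this page, not Plone's code and not the upstream patch: the function names, the portal hostname and the rendering helpers are all assumptions. It places the unsafe reflection beside a hardened version that keeps the same check but HTML-escapes anything it echoes back.

```python
"""Constructed illustration (not Plone's code) of a URL-in-site check that
reflects its input into markup. The names below are hypothetical."""
from html import escape
from urllib.parse import urlsplit

# Constructed hostname for the sample site.
PORTAL_HOST = "plone.example"


def is_url_in_portal(url: str) -> bool:
    """Hypothetical check: is the URL well-formed and does it point into the site?

    Site-relative paths (no scheme, no host) count as in-portal. Absolute URLs
    must use http or https and name the portal host. Anything else, including
    protocol-relative "//other.host/..." and non-HTTP schemes, is rejected.
    """
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        return True
    return parts.scheme in ("http", "https") and parts.netloc.lower() == PORTAL_HOST


def render_check_vulnerable(url: str) -> str:
    """Reflects the raw URL into the response, so markup in the URL becomes
    live markup in the page. This is the defect class, kept here for contrast."""
    verdict = "inside" if is_url_in_portal(url) else "not inside"
    return f"<p>URL {url} is {verdict} the portal.</p>"


def render_check_hardened(url: str) -> str:
    """Same check, but every reflected value is escaped before it reaches the
    response. quote=True also escapes ' and ", so the value is safe in
    attribute context as well as text context."""
    verdict = "inside" if is_url_in_portal(url) else "not inside"
    safe = escape(url, quote=True)
    return f"<p>URL {safe} is {verdict} the portal.</p>"


if __name__ == "__main__":
    # Constructed sample inputs: a site path, an external URL, a non-HTTP scheme,
    # and a path that carries markup characters.
    for sample in ("/news/item", "https://other.example/", "javascript:void(0)", "<b>x</b>"):
        print(repr(sample), "->", is_url_in_portal(sample))
        print("  vulnerable:", render_check_vulnerable(sample))
        print("  hardened:  ", render_check_hardened(sample))
```

The location check itself is not what the fix is about: a path such as `<b>x</b>` is structurally a site-relative URL and passes it in both versions. The difference is purely in how the result is rendered, which is why escaping at the output boundary (or rejecting input that is not a well-formed URL before rendering) is the mitigation, and why a regression test for this class of bug should assert on the rendered response rather than on the boolean.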