711494 – (CVE-2011-1948) CVE-2011-1948 plone: A reflected cross site scripting vulnerability

Bug 711494 (CVE-2011-1948) - CVE-2011-1948 plone: A reflected cross site scripting vulnerability

Summary: CVE-2011-1948 plone: A reflected cross site scripting vulnerability

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2011-1948
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	711497 767295
Blocks:	711503
TreeView+	depends on / blocked

Reported:	2011-06-07 16:17 UTC by Jan Lieskovsky
Modified:	2021-02-24 15:17 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-02-21 09:08:53 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	874657	low	CLOSED	CVE-2012-5499 conga (Plone): Partial denial of service through internal function	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	874665	low	CLOSED	CVE-2012-5498 conga (Plone): Partial denial of service through Collections functionality	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	874703	medium	CLOSED	CVE-2012-5494 conga (Plone): Reflexive XSS	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHSA-2012:0151	normal	SHIPPED_LIVE	Moderate: conga security, bug fix, and enhancement update	2012-02-21 07:24:48 UTC

Internal Links: 874657 874665 874703

Description Jan Lieskovsky 2011-06-07 16:17:48 UTC

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1948 to
the following vulnerability:

Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier
allows remote attackers to inject arbitrary web script or HTML via a
crafted URL.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1948
[2] http://www.securityfocus.com/archive/1/archive/1/518155/100/0/threaded
[3] http://plone.org/products/plone/security/advisories/CVE-2011-1948
[4] http://www.securityfocus.com/bid/48005
[5] http://secunia.com/advisories/44775
[6] http://secunia.com/advisories/44776
[7] http://xforce.iss.net/xforce/xfdb/67693

Comment 1 Jan Lieskovsky 2011-06-07 16:19:42 UTC

This issue affects the version of the plone package, as present within EPEL-5
repository. Please schedule an update.

Comment 2 Jan Lieskovsky 2011-06-07 16:23:34 UTC

Created plone tracking bugs for this issue

Affects: epel-5 [bug 711497]

Comment 3 Huzaifa S. Sidhpurwala 2011-10-03 09:10:11 UTC

Statement:

(none)

Comment 17 errata-xmlrpc 2012-02-21 03:16:22 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0151 https://rhn.redhat.com/errata/RHSA-2012-0151.html

Note You need to log in before you can comment on or make changes to this bug.