Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1948 to the following vulnerability: Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1948 [2] http://www.securityfocus.com/archive/1/archive/1/518155/100/0/threaded [3] http://plone.org/products/plone/security/advisories/CVE-2011-1948 [4] http://www.securityfocus.com/bid/48005 [5] http://secunia.com/advisories/44775 [6] http://secunia.com/advisories/44776 [7] http://xforce.iss.net/xforce/xfdb/67693
This issue affects the version of the plone package, as present within EPEL-5 repository. Please schedule an update.
Created plone tracking bugs for this issue Affects: epel-5 [bug 711497]
Statement: (none)
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0151 https://rhn.redhat.com/errata/RHSA-2012-0151.html