Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1340 to the following vulnerability:

Name: CVE-2011-1340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1340
Assigned: 20110309
Reference: http://dev.plone.org/plone/changeset/12262
Reference: http://dev.plone.org/plone/ticket/6110
Reference: JVN:JVN#41222793
Reference: http://jvn.jp/en/jp/JVN41222793/index.html
Reference: JVNDB:JVNDB-2011-000056
Reference: http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056

Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.

This issue did NOT affect the version of the plone package, as present within the EPEL-5 repository.

Plone is embedded in the conga package shipped with Red Hat Enterprise Linux 5 and Red Hat Cluster Suite EL4.

Statement:

Not Vulnerable. This issue does not affect the version of conga as shipped with Red Hat Enterprise Linux 5 and Red Hat Cluster Suite EL4.