Red Hat Bugzilla – Bug 978451
CVE-2013-4190 plone: Multiple cross-site scripting (XSS) flaws (spamProtect.py, pts.py, request.py)
Last modified: 2015-08-22 11:59:50 EDT
Multiple cross-site scripting (XSS) flaws were found in the way Plone, a user friendly and powerful content management system, performed sanitization of user provided input in web forms. A remote attacker could provide a specially-crafted URL that, when visited by authenticated Plone user could lead to arbitrary HTML or web script execution in the context of Plone user's session.
The CVE identifier of CVE-2013-4190 has been assigned to this issue:
Created plone tracking bugs for this issue:
Affects: epel-5 [bug 991015]