Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1949 to the following vulnerability: Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1949 [2] http://www.securityfocus.com/archive/1/archive/1/518155/100/0/threaded [3] http://plone.org/products/plone/security/advisories/CVE-2011-1949 [4] http://www.securityfocus.com/bid/48005 [5] http://secunia.com/advisories/44775 [6] http://secunia.com/advisories/44776 [7] http://xforce.iss.net/xforce/xfdb/67694
This issue affects the version of the plone package, as present within EPEL-5 repository. Please schedule an update.
Created plone tracking bugs for this issue Affects: epel-5 [bug 711497]
Statement: This issue did not affect the versions of conga package as shipped with Red Hat Enterprise Linux 5 and with Red Hat Cluster Suite for Red Hat Enterprise Linux 4, as they did not include support for creation of new Plone content.