It was discovered that Plone has unescaped user input in a page template that is open to XSS. CVE assignment: http://seclists.org/oss-sec/2016/q3/417 External References: https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone
Created plone tracking bugs for this issue: Affects: epel-5 [bug 1373467]