- Home
- CVEs with nessus.description==The version of Plone installed on the remote web server is affected by a cross-site scripting vulnerability because it fails to properly sanitize input to the 'mailaddress' parameter of the 'spamProtect.py' script. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.
Note that the application is also reportedly affected by several additional vulnerabilities. Some of the reported vulnerabilities include but are not limited to arbitrary code execution, privilege escalation, denial of service (DoS), open redirect, cross-site scripting, as well as several additional flaws; however, Nessus has not tested for the additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top