CVE-2010-2422
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
24/06/2010
Last modified:
11/04/2025
Description
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html
- http://secunia.com/advisories/40270
- http://www.securityfocus.com/bid/40999
- http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html
- http://secunia.com/advisories/40270
- http://www.securityfocus.com/bid/40999