| Vulnerability Name: | CVE-2020-7937 (CCN-175045) | ||||||||||||
| Assigned: | 2020-01-21 | ||||||||||||
| Published: | 2020-01-21 | ||||||||||||
| Updated: | 2020-01-24 | ||||||||||||
| Summary: | An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. | ||||||||||||
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-7937 Source: MLIST Type: Third Party Advisory [oss-security] 20200124 Re: Plone security hotfix 20200121 Source: XF Type: UNKNOWN plone-cve20207937-xss(175045) Source: CCN Type: Plone Web site Plone CMS Source: MISC Type: Vendor Advisory https://plone.org/security/hotfix/20200121 Source: MISC Type: Vendor Advisory https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher Source: CCN Type: oss-sec Mailing List, Tue, 21 Jan 2020 23:49:31 +0100 Plone security hotfix 20200121 Source: MISC Type: Mailing List, Third Party Advisory https://www.openwall.com/lists/oss-security/2020/01/22/1 Source: CCN Type: WhiteSource Vulnerability Database CVE-2020-7937 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||