CVE-2011-1948: Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
(updated )
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
- access.redhat.com/errata/RHSA-2012:0151
- access.redhat.com/security/cve/CVE-2011-1948
- bugzilla.redhat.com/show_bug.cgi?id=711494
- exchange.xforce.ibmcloud.com/vulnerabilities/67693
- github.com/advisories/GHSA-p7h9-vf92-5fj5
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-14.yaml
- nvd.nist.gov/vuln/detail/CVE-2011-1948
Code Behaviors & Features
Detect and mitigate CVE-2011-1948 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →