CVE-2013-4190: Plone vulnerable to cross-site scripting

May 17, 2022 (updated April 13, 2025)

Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

bugzilla.redhat.com/show_bug.cgi?id=978451
github.com/advisories/GHSA-89rq-27xp-vgv7
github.com/plone/Plone
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-54.yaml
nvd.nist.gov/vuln/detail/CVE-2013-4190

Code Behaviors & Features

Detect and mitigate CVE-2013-4190 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →