Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Plone 跨站脚本漏洞
Vulnerability Description
Plone是一套基于Zope应用服务器构建的开源内容管理系统(CMS)。 Plone CMS until version 5.2.4 存在跨站脚本漏洞,该漏洞源于user fullname和文件上传功能中存在存储跨站点脚本(XSS)漏洞。
CVSS Information
N/A
Vulnerability Type
N/A