CVE-2008-4571: XSS
First published: Wed Oct 15 2008(Updated: )
Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/Plone | <3.0.4 | 3.0.4 |
| Plone CMS | <=3.0.3 | |
| Plone CMS | =2.0.5 | |
| Plone CMS | =2.1.2 | |
| Plone CMS | =2.5 | |
| Plone CMS | =2.5.1 | |
| Plone CMS | =2.5.1_rc | |
| Plone CMS | =2.5.4 | |
| Plone CMS | =2.5_beta1 | |
| Plone CMS | =3.0 | |
| Plone CMS | =3.0.1 | |
| Plone CMS | =3.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/28293
- http://plone.org/products/plone/releases/3.0.4
- http://dev.plone.org/plone/ticket/7439
- http://www.securityfocus.com/bid/27098
- http://osvdb.org/40660
- https://nvd.nist.gov/vuln/detail/CVE-2008-4571
- https://web.archive.org/web/20081012113150/http://secunia.com/advisories/28293
- https://web.archive.org/web/20120705155735/http://www.securityfocus.com/bid/27098
- https://github.com/advisories/GHSA-46f9-f8jm-mw2x (Advisory)
Frequently Asked Questions
What is the severity of CVE-2008-4571?
CVE-2008-4571 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2008-4571?
To resolve CVE-2008-4571, upgrade to Plone version 3.0.4 or later.
Which versions of Plone are affected by CVE-2008-4571?
CVE-2008-4571 affects Plone versions up to and including 3.0.3, as well as several 2.5 versions.
What type of vulnerability is CVE-2008-4571?
CVE-2008-4571 is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject scripts into web pages.
What is the exploit method for CVE-2008-4571?
Attackers can exploit CVE-2008-4571 by using the Description field for search results to inject arbitrary web scripts or HTML.
- agent/type
- agent/remedy
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-46f9-f8jm-mw2x
- alias/CVE-2008-4571
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- package-manager/pip
- vendor/plone
- canonical/plone cms
- version/plone cms/3.0.3
- version/plone cms/2.0.5
- version/plone cms/2.1.2
- version/plone cms/2.5
- version/plone cms/2.5.1
- version/plone cms/2.5.1_rc
- version/plone cms/2.5.4
- version/plone cms/2.5_beta1
- version/plone cms/3.0
- version/plone cms/3.0.1
- version/plone cms/3.0.2