First published: Fri May 21 2021
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Plone Plone | <=5.2.4 | |
pip/Plone | <=5.2.4 | |
CVE-2021-33512 is a vulnerability in Plone through version 5.2.4 that allows stored XSS attacks by a Contributor through uploading an SVG or HTML document.
The severity of CVE-2021-33512 is medium with a CVSS score of 5.4.
Exploiting CVE-2021-33512 requires an account with the Contributor role in Plone, from which a malicious SVG or HTML document is uploaded.
A hotfix is available for CVE-2021-33512. You can find more information about the hotfix at the following link: https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
You can find more information about CVE-2021-33512 at the following link: http://www.openwall.com/lists/oss-security/2021/05/22/1