Vulnerability Details CVE-2020-7937
An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.9%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://www.openwall.com/lists/oss-security/2020/01/24/1
- https://plone.org/security/hotfix/20200121
- https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher
- https://www.openwall.com/lists/oss-security/2020/01/22/1
- http://www.openwall.com/lists/oss-security/2020/01/24/1
- https://plone.org/security/hotfix/20200121
- https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher
- https://www.openwall.com/lists/oss-security/2020/01/22/1
Products affected by CVE-2020-7937
-
cpe:2.3:a:plone:plone:5.0
-
cpe:2.3:a:plone:plone:5.0.1
-
cpe:2.3:a:plone:plone:5.0.10
-
cpe:2.3:a:plone:plone:5.0.2
-
cpe:2.3:a:plone:plone:5.0.3
-
cpe:2.3:a:plone:plone:5.0.4
-
cpe:2.3:a:plone:plone:5.0.5
-
cpe:2.3:a:plone:plone:5.0.6
-
cpe:2.3:a:plone:plone:5.0.7
-
cpe:2.3:a:plone:plone:5.0.8
-
cpe:2.3:a:plone:plone:5.0.9
-
cpe:2.3:a:plone:plone:5.1
-
cpe:2.3:a:plone:plone:5.1.1
-
cpe:2.3:a:plone:plone:5.1.2
-
cpe:2.3:a:plone:plone:5.1.3
-
cpe:2.3:a:plone:plone:5.1.4
-
cpe:2.3:a:plone:plone:5.1.5
-
cpe:2.3:a:plone:plone:5.1.6
-
cpe:2.3:a:plone:plone:5.1.7
-
cpe:2.3:a:plone:plone:5.1a1
-
cpe:2.3:a:plone:plone:5.1a2
-
cpe:2.3:a:plone:plone:5.1b2
-
cpe:2.3:a:plone:plone:5.1b3
-
cpe:2.3:a:plone:plone:5.1b4
-
cpe:2.3:a:plone:plone:5.1rc1
-
cpe:2.3:a:plone:plone:5.1rc2
-
cpe:2.3:a:plone:plone:5.2
-
cpe:2.3:a:plone:plone:5.2.0
-
cpe:2.3:a:plone:plone:5.2.1