Security vulnerability announcement: CVE-2011-1948 – A reflected cross-site scripting vulnerability
This is a reflected cross-site scripting vulnerability; that is, it is exploitable through specially crafted URLs that contain the malicious content.
This vulnerability was responsibly disclosed by J. Greil after discovery by S. Streichsbier, both of SEC Consult.
The Hotfix for this vulnerability is Hotfix 20110531.
*** IMPORTANT ***: The original release of this hotfix that was made on May 31 had a critical flaw. Please make sure you are using version 2.0 of the hotfix. The Plone security team apologizes for the error.
Information for security researchers
CVSS Base Score
10
Overall CVSS Score