Security vulnerability announcement: CVE-2011-1949 – A persistent cross site scripting vulnerability

by Matthew Wilkes — last modified Jun 22, 2011 12:02 AM

A vulnerability in Plone versions using Products.PortalTransforms, including Plone 2.1 through 4.1.

This is a persistent cross-site scripting (XSS) attack. It allows a user to craft markup that bypasses Plone's safe_html filter to insert and save arbitrary HTML with malicious content.

This vulnerability was discovered and responsibly disclosed by Daniel Berlin and Dan Bentley, both of Google, and independently by Brian Peters, an independent researcher.

Fix

The Hotfix for this vulnerability is Hotfix 20110531.

* IMPORTANT *: The original release of this hotfix that was made on May 31 had a critical flaw. Please make sure you are using version 2.0 of the hotfix. The Plone security team apologizes for the error.

Information for security researchers

CVSS Base Score

6.4

Impact Subscore

4.9

Exploitability Subscore

Overall CVSS Score

6.4

Security vulnerability announcement: CVE-2011-1949 – A persistent cross site scripting vulnerability

Fix

*** IMPORTANT ***: The original release of this hotfix that was made on May 31 had a critical flaw. Please make sure you are using version 2.0 of the hotfix. The Plone security team apologizes for the error.

Information for security researchers

* IMPORTANT *: The original release of this hotfix that was made on May 31 had a critical flaw. Please make sure you are using version 2.0 of the hotfix. The Plone security team apologizes for the error.