Intrusion Prevention

Plone.Personal.Homepage.XSS

Description

This indicates an attack attempt against a Cross Site Scripting (XSS) vulnerability in Plone.
The vulnerability is due to Plone failing to properly sanitize the home_page property of a member of the Plone site. A remote attacker may be able to exploit this to execute arbitrary script code within the context of the application.

Affected Products

Plone versions before 4.3.16 and 5.0.10

Impact

System Compromise : Remote attackers can execute arbitrary script code within the context of the target user's browser

Recommended Actions

Upgrade to the latest version, available from the website.
https://plone.org/security/hotfix/20171128