virus logo Intrusion Prevention

Plone.Login.Form.XSS

description-logoDescription

This indicates an attack attempt against a Cross-Site Scripting (XSS) vulnerability in Plone.
The vulnerability is due to Plone failing to properly sanitize the "came_from" parameter value that is passed to the login form. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.

affected-products-logoAffected Products

Plone versions before 4.3.16 and 5.0.10

Impact logoImpact

System Compromise : Remote attackers can execute arbitrary script code within the context of the target user's browser

recomended-action-logoRecommended Actions

Upgrade to the latest version, available from the website.
https://plone.org/security/hotfix/20171128

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

https://plone.org/security/hotfix/20171128/open-redirection-on-login-form
ID 43601
Created Jan 25, 2017
Updated May 02, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS All
Affected App PHP_app