Plone.Login.Form.XSS
Description
This indicates an attack attempt against a Cross-Site Scripting (XSS) vulnerability in Plone.
The vulnerability is due to Plone failing to properly sanitize the "came_from" parameter value that is passed to the login form. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.
Affected Products
Plone versions before 4.3.16 and 5.0.10
Impact
System Compromise : Remote attackers can execute arbitrary script code within the context of the target user's browser
Recommended Actions
Upgrade to the latest version, available from the website.
https://plone.org/security/hotfix/20171128
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |