Advertisement






Plone CMS 5.2.3 | Cross Site Scripting (XSS)

CVE Category Price Severity
CVE-2020-7359 CWE-79 $750 High
Author Risk Exploitation Type Date
Ionut-Cristian Paraschiv High Remote 2021-04-16
CPE
cpe:cpe:/a:plone_foundation:plone:5.2.3
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021040092

Below is a copy:

Plone CMS 5.2.3 | Cross Site Scripting (XSS)
|===========================================================================
| # Exploit Title : Plone CMS 5.2.3 | Cross Site Scripting (XSS)   
|                                                                           
| # Author : Ali Seddigh                                                    
|                                                                           
| # Category : Web Application                                                                                                                                                                              
|                                                                           
| # Software Link : https://plone.com/                               
|                                                                           
| # Tested on : [ Windows ~> 10]                                                     
|
| # Version: 5.2.3
|                  
| # Date : 2021-04-11                                                       
|===========================================================================                                                                
| # Steps to reproduce the issue:
|
| # 1 - Go to URL https://localhost/ where Plone 5.2.3 version is installed.
| # 2 - Click on "Log in now" and Login as "Manager"
| # 3 - Navigate to Manager=> Site Setup => Site
| # 4 - Edit "Site title" field to "xyz<ScRiPt>alert("XSS")</ScRiPt>"
|===========================================================================
| # Discovered By : Ali Triplex                                             
|===========================================================================

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum