cvelistv5 - CVE-2011-1949

CVE-2011-1949 (GCVE-0-2011-1949)

Vulnerability from cvelistv5 – Published: 2011-06-06 19:00 – Updated: 2024-08-06 22:46

Summary

Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://osvdb.org/72728	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/44775	third-party-advisoryx_refsource_SECUNIA
	http://plone.org/products/plone/security/advisori…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/48005	vdb-entryx_refsource_BID
	http://secunia.com/advisories/44776	third-party-advisoryx_refsource_SECUNIA
	http://securityreason.com/securityalert/8269	third-party-advisoryx_refsource_SREASON
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/518155/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "72728",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/72728"
          },
          {
            "name": "44775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44775"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
          },
          {
            "name": "48005",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48005"
          },
          {
            "name": "44776",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44776"
          },
          {
            "name": "8269",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8269"
          },
          {
            "name": "plone-portalportal-xss(67694)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694"
          },
          {
            "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "72728",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/72728"
        },
        {
          "name": "44775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44775"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
        },
        {
          "name": "48005",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48005"
        },
        {
          "name": "44776",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44776"
        },
        {
          "name": "8269",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8269"
        },
        {
          "name": "plone-portalportal-xss(67694)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694"
        },
        {
          "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1949",
    "datePublished": "2011-06-06T19:00:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08747064-EC22-40B4-92EF-4640788FE55D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4EB85E3-9A76-4B79-AF7D-91484784A2EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78755057-2613-4D5E-8F59-2C117EE282B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D49359CD-63EF-4D3A-92DC-C16DEE88138B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DE940BA-B784-4193-AB77-333F15B6C32D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9762C674-380B-4831-BBA1-3B27742121B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D938645-80CE-4287-830E-A3BD0C5C84FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB0F7BFC-DC20-46B3-90E7-264E3A8A7886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2C09C10-AEA0-41F4-B964-507B40580BE9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B60568E-A688-46AF-B627-062A029A7324\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B635DAD-AC53-4484-8750-200B662DAFD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B647E76-E8B8-4329-8848-3B90EB262807\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D0A6B8F-4018-44DC-9862-45309619DC6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F10374F-2BB3-48D2-B19F-9B2D038A8E35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEAC4F93-D26C-48F3-A7FF-8DC008FC2671\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"552661B7-093D-4B3C-8770-FCDE6032AA17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5180F9D2-E44B-455D-968C-792026AC832A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"636226E4-B880-41FE-A727-EF56CF8E6249\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF6E934A-C344-4861-8CD4-D18D52672D5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25780BBE-8013-4100-9EA8-7EFC244399A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A089ED64-07E6-4F4C-97AE-AF74269A4DB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF2334C9-9B34-4C7D-93A2-172E596E05C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"354046F4-FA55-4AFC-935A-C803D36CDE86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF1496A7-6D0A-4970-B0BF-83758065BC6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47DEF57C-92F0-4999-AF8E-CEE27EE92CD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BED4241-D823-402A-A389-7E52C410E2F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE9A55E6-F265-4BB8-8683-3E0CFA01EC73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"970FD910-50A4-478A-ADE6-EB912C261DAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A490523-1063-44E4-A72A-C23070279181\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8559F17-63D1-45DB-8A28-47F729DC6686\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDC93803-6506-4382-A013-18010EE7E06B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E65977FD-A880-4D16-B56B-94A72774F42D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EA5B4F8-2155-403D-97D8-1272285D508B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3CA2943-77E5-4384-A019-415BBCE62F94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"538A3519-5B04-4FE5-A3C0-FD26EFA32705\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E08F4534-A588-463F-A745-39E559AB1CB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B64341BA-5722-415E-9771-9837168AB7C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2929227-AE19-428D-9AC3-D312A559039B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B6DC866-0FEE-475B-855C-A69E004810CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50BF3E8E-152C-4E89-BAA2-A952D10F4611\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49DB97A7-89DD-43C0-A490-84AA7069764B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C44B53B-953B-4522-A5B4-11573850D2CD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Filtro safe_html en Products.PortalTransforms de Plone v2.1 hasta v4.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s de vectores no especificados, vulnerabilidad diferente de CVE-2010-2422.\\r\\n\"}]",
      "id": "CVE-2011-1949",
      "lastModified": "2024-11-21T01:27:22.217",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-06-06T19:55:02.160",
      "references": "[{\"url\": \"http://osvdb.org/72728\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://plone.org/products/plone/security/advisories/CVE-2011-1949\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44775\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44776\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/8269\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/518155/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/48005\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67694\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://osvdb.org/72728\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://plone.org/products/plone/security/advisories/CVE-2011-1949\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44775\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44776\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/8269\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/518155/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/48005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67694\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1949\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-06-06T19:55:02.160\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Filtro safe_html en Products.PortalTransforms de Plone v2.1 hasta v4.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, vulnerabilidad diferente de CVE-2010-2422.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08747064-EC22-40B4-92EF-4640788FE55D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4EB85E3-9A76-4B79-AF7D-91484784A2EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78755057-2613-4D5E-8F59-2C117EE282B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D49359CD-63EF-4D3A-92DC-C16DEE88138B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DE940BA-B784-4193-AB77-333F15B6C32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9762C674-380B-4831-BBA1-3B27742121B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D938645-80CE-4287-830E-A3BD0C5C84FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB0F7BFC-DC20-46B3-90E7-264E3A8A7886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2C09C10-AEA0-41F4-B964-507B40580BE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B60568E-A688-46AF-B627-062A029A7324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B635DAD-AC53-4484-8750-200B662DAFD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B647E76-E8B8-4329-8848-3B90EB262807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D0A6B8F-4018-44DC-9862-45309619DC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F10374F-2BB3-48D2-B19F-9B2D038A8E35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEAC4F93-D26C-48F3-A7FF-8DC008FC2671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"552661B7-093D-4B3C-8770-FCDE6032AA17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5180F9D2-E44B-455D-968C-792026AC832A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"636226E4-B880-41FE-A727-EF56CF8E6249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF6E934A-C344-4861-8CD4-D18D52672D5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25780BBE-8013-4100-9EA8-7EFC244399A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A089ED64-07E6-4F4C-97AE-AF74269A4DB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF2334C9-9B34-4C7D-93A2-172E596E05C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"354046F4-FA55-4AFC-935A-C803D36CDE86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF1496A7-6D0A-4970-B0BF-83758065BC6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47DEF57C-92F0-4999-AF8E-CEE27EE92CD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BED4241-D823-402A-A389-7E52C410E2F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE9A55E6-F265-4BB8-8683-3E0CFA01EC73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"970FD910-50A4-478A-ADE6-EB912C261DAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A490523-1063-44E4-A72A-C23070279181\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8559F17-63D1-45DB-8A28-47F729DC6686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDC93803-6506-4382-A013-18010EE7E06B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E65977FD-A880-4D16-B56B-94A72774F42D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EA5B4F8-2155-403D-97D8-1272285D508B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3CA2943-77E5-4384-A019-415BBCE62F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"538A3519-5B04-4FE5-A3C0-FD26EFA32705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08F4534-A588-463F-A745-39E559AB1CB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B64341BA-5722-415E-9771-9837168AB7C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2929227-AE19-428D-9AC3-D312A559039B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B6DC866-0FEE-475B-855C-A69E004810CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50BF3E8E-152C-4E89-BAA2-A952D10F4611\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DB97A7-89DD-43C0-A490-84AA7069764B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C44B53B-953B-4522-A5B4-11573850D2CD\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/72728\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://plone.org/products/plone/security/advisories/CVE-2011-1949\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44775\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44776\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8269\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/518155/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/48005\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67694\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/72728\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://plone.org/products/plone/security/advisories/CVE-2011-1949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44776\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/518155/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/48005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2011-1949

Vulnerability from fkie_nvd - Published: 2011-06-06 19:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://osvdb.org/72728
secalert@redhat.com	http://plone.org/products/plone/security/advisories/CVE-2011-1949	Patch, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/44775	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/44776	Vendor Advisory
secalert@redhat.com	http://securityreason.com/securityalert/8269
secalert@redhat.com	http://www.securityfocus.com/archive/1/518155/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/48005
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/67694
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/72728
af854a3a-2127-422b-91ae-364da2661108	http://plone.org/products/plone/security/advisories/CVE-2011-1949	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44775	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44776	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8269
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/518155/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48005
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67694

Impacted products

Vendor	Product	Version
plone	plone	2.1
plone	plone	2.1.1
plone	plone	2.1.2
plone	plone	2.1.3
plone	plone	2.1.4
plone	plone	2.5
plone	plone	2.5.1
plone	plone	2.5.2
plone	plone	2.5.3
plone	plone	2.5.4
plone	plone	2.5.5
plone	plone	3.0
plone	plone	3.0.1
plone	plone	3.0.2
plone	plone	3.0.3
plone	plone	3.0.4
plone	plone	3.0.5
plone	plone	3.0.6
plone	plone	3.1
plone	plone	3.1.1
plone	plone	3.1.2
plone	plone	3.1.3
plone	plone	3.1.4
plone	plone	3.1.5.1
plone	plone	3.1.6
plone	plone	3.1.7
plone	plone	3.2
plone	plone	3.2.1
plone	plone	3.2.2
plone	plone	3.2.3
plone	plone	3.3
plone	plone	3.3.1
plone	plone	3.3.2
plone	plone	3.3.3
plone	plone	3.3.4
plone	plone	3.3.5
plone	plone	4.0
plone	plone	4.0.1
plone	plone	4.0.2
plone	plone	4.0.3
plone	plone	4.0.4
plone	plone	4.0.5
plone	plone	4.0.6.1
plone	plone	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Filtro safe_html en Products.PortalTransforms de Plone v2.1 hasta v4.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, vulnerabilidad diferente de CVE-2010-2422.\r\n"
    }
  ],
  "id": "CVE-2011-1949",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-06-06T19:55:02.160",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/72728"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44775"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44776"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/8269"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/48005"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/72728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-H6HQ-C896-W882

Vulnerability from github – Published: 2018-07-23 21:01 – Updated: 2024-10-11 20:51

Summary

Plone Cross-site Scripting vulnerability

Details

Severity ?

5.4 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.1 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.2"
            },
            {
              "fixed": "3.3.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0a0"
            },
            {
              "fixed": "4.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1a0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-1949"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:39:09Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.",
  "id": "GHSA-h6hq-c896-w882",
  "modified": "2024-10-11T20:51:00Z",
  "published": "2018-07-23T21:01:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1949"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-h6hq-c896-w882"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/plone/Plone"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-15.yaml"
    },
    {
      "type": "WEB",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Plone Cross-site Scripting vulnerability"
}

CERTA-2011-AVI-324

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Plone ont été corrigées.

Description

Trois vulnérabilités dans Plone ont été corrigées. Leur exploitation permet à une personne malintentionnée d'effectuer des attaques de type injection de code indirecte et/ou d'élever ses privilèges.

Solution

Mettre à jour avec le correctif 20110531.

Plone 4.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Plone du 02 juin 2011	None	vendor-advisory
Bulletins Plone du 02 juin 2011 :	-	other
Bulletins Plone du 02 juin 2011 :	-	other
Bulletins Plone du 02 juin 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003ePlone 4.x.\u003c/P\u003e",
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s dans Plone ont \u00e9t\u00e9 corrig\u00e9es. Leur exploitation\npermet \u00e0 une personne malintentionn\u00e9e d\u0027effectuer des attaques de type\ninjection de code indirecte et/ou d\u0027\u00e9lever ses privil\u00e8ges.\n\n## Solution\n\nMettre \u00e0 jour avec le correctif 20110531.\n",
  "cves": [
    {
      "name": "CVE-2011-1948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1948"
    },
    {
      "name": "CVE-2011-1950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1950"
    },
    {
      "name": "CVE-2011-1949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1949"
    }
  ],
  "links": [
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948"
    },
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
    },
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
    }
  ],
  "reference": "CERTA-2011-AVI-324",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de Plone ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Plone",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Plone du 02 juin 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-324

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Plone ont été corrigées.

Description

Solution

Mettre à jour avec le correctif 20110531.

Plone 4.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Plone du 02 juin 2011	None	vendor-advisory
Bulletins Plone du 02 juin 2011 :	-	other
Bulletins Plone du 02 juin 2011 :	-	other
Bulletins Plone du 02 juin 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003ePlone 4.x.\u003c/P\u003e",
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s dans Plone ont \u00e9t\u00e9 corrig\u00e9es. Leur exploitation\npermet \u00e0 une personne malintentionn\u00e9e d\u0027effectuer des attaques de type\ninjection de code indirecte et/ou d\u0027\u00e9lever ses privil\u00e8ges.\n\n## Solution\n\nMettre \u00e0 jour avec le correctif 20110531.\n",
  "cves": [
    {
      "name": "CVE-2011-1948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1948"
    },
    {
      "name": "CVE-2011-1950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1950"
    },
    {
      "name": "CVE-2011-1949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1949"
    }
  ],
  "links": [
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948"
    },
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
    },
    {
      "title": "Bulletins Plone du 02 juin 2011 :",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950"
    }
  ],
  "reference": "CERTA-2011-AVI-324",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de Plone ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Plone",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Plone du 02 juin 2011",
      "url": null
    }
  ]
}

PYSEC-2011-15

Vulnerability from pysec - Published: 2011-06-06 19:55 - Updated: 2021-07-25 23:34

Details

Impacted products

Name	purl
plone	pkg:pypi/plone

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "plone",
        "purl": "pkg:pypi/plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.2",
        "3.2.1",
        "3.2.2",
        "3.2.3",
        "3.2a1",
        "3.2rc1",
        "3.3",
        "3.3.1",
        "3.3.2",
        "3.3.3",
        "3.3.4",
        "3.3.5",
        "3.3.6",
        "3.3b1",
        "3.3rc1",
        "3.3rc2",
        "3.3rc3",
        "3.3rc4",
        "3.3rc5",
        "4.0",
        "4.0.1",
        "4.0.10",
        "4.0.2",
        "4.0.3",
        "4.0.4",
        "4.0.5",
        "4.0.6",
        "4.0.7",
        "4.0.8",
        "4.0.9",
        "4.0a1",
        "4.0a2",
        "4.0a3",
        "4.0a4",
        "4.0a5",
        "4.0b1",
        "4.0b2",
        "4.0b3",
        "4.0b4",
        "4.0b5",
        "4.0rc1",
        "4.1",
        "4.1a1",
        "4.1a2",
        "4.1a3",
        "4.1b1",
        "4.1b2",
        "4.1rc2",
        "4.1rc3"
      ]
    }
  ],
  "aliases": [
    "CVE-2011-1949",
    "GHSA-h6hq-c896-w882"
  ],
  "details": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.",
  "id": "PYSEC-2011-15",
  "modified": "2021-07-25T23:34:43.166940Z",
  "published": "2011-06-06T19:55:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/44775"
    },
    {
      "type": "ADVISORY",
      "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48005"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/44776"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/72728"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8269"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-h6hq-c896-w882"
    }
  ]
}

GSD-2011-1949

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1949

Aliases

CVE-2011-1949

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1949",
    "description": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.",
    "id": "GSD-2011-1949"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1949"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.",
      "id": "GSD-2011-1949",
      "modified": "2023-12-13T01:19:07.867299Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-1949",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/44775",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/44775"
          },
          {
            "name": "http://secunia.com/advisories/44776",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/44776"
          },
          {
            "name": "http://securityreason.com/securityalert/8269",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/8269"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/518155/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/48005",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/48005"
          },
          {
            "name": "http://osvdb.org/72728",
            "refsource": "MISC",
            "url": "http://osvdb.org/72728"
          },
          {
            "name": "http://plone.org/products/plone/security/advisories/CVE-2011-1949",
            "refsource": "MISC",
            "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=3.3.2,\u003c3.3.6||\u003e=4.0,\u003c4.0.6",
          "affected_versions": "All versions starting from 3.3.2 before 3.3.6, all versions starting from 4.0 before 4.0.6",
          "cvss_v2": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-09-14",
          "description": "Cross-site scripting  vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.",
          "fixed_versions": [
            "3.3.6",
            "4.0.6"
          ],
          "identifier": "CVE-2011-1949",
          "identifiers": [
            "GHSA-h6hq-c896-w882",
            "CVE-2011-1949"
          ],
          "not_impacted": "All versions before 3.3.2, all versions starting from 3.3.6 before 4.0, all versions starting from 4.0.6",
          "package_slug": "pypi/Plone",
          "pubdate": "2018-07-23",
          "solution": "Upgrade to versions 3.3.6, 4.0.6 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation ",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-1949",
            "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694",
            "https://github.com/advisories/GHSA-h6hq-c896-w882",
            "http://osvdb.org/72728",
            "http://plone.org/products/plone/security/advisories/CVE-2011-1949",
            "http://secunia.com/advisories/44775",
            "http://secunia.com/advisories/44776",
            "http://securityreason.com/securityalert/8269",
            "http://www.securityfocus.com/archive/1/518155/100/0/threaded",
            "http://www.securityfocus.com/bid/48005"
          ],
          "uuid": "a8cf6afc-a1be-42a2-90bb-d0bb946d5a17"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1949"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44775",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/44775"
            },
            {
              "name": "http://plone.org/products/plone/security/advisories/CVE-2011-1949",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949"
            },
            {
              "name": "48005",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/48005"
            },
            {
              "name": "44776",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/44776"
            },
            {
              "name": "72728",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/72728"
            },
            {
              "name": "8269",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8269"
            },
            {
              "name": "plone-portalportal-xss(67694)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694"
            },
            {
              "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-09T19:32Z",
      "publishedDate": "2011-06-06T19:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1949 (GCVE-0-2011-1949)

FKIE_CVE-2011-1949

GHSA-H6HQ-C896-W882

CERTA-2011-AVI-324

Description

Solution

CERTA-2011-AVI-324

Description

Solution

PYSEC-2011-15

GSD-2011-1949

Tags

Sightings

Nomenclature