The vulnerability description explicitly names kssdevel.py as the affected file, and the CWE-79 (XSS) classification indicates that user input is not properly sanitized. The exact function within kssdevel.py is not named in the provided sources, but the file's role in handling KSS (Kinetic Style Sheets) development tools suggests it contains request-handling logic that reflects user input without adequate escaping. The high confidence stems from multiple authoritative sources (CVE, GHSA, Plone advisories) pinpointing this file as the vulnerability location, even though the specific function isn't detailed.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| plone | pip | < 4.2.3 | 4.2.3 |
| Plone | pip | >= 4.3a0, < 4.3b1 | 4.3b1 |