CVSS Score: -

Basic Information

CVE ID: CVE-2012-5502
GHSA ID: GHSA-hr59-35cr-qf43
EPSS Score: -
CWE: CWE-79
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability record explicitly names safe_html.py as the affected source file, and the CWE-79 classification confirms a cross-site scripting (XSS) flaw in its HTML sanitization logic. Both the Plone security advisory GHSA-hr59-35cr-qf43 and CVE-2012-5502 point directly to this file. The exact function name is not stated in the available resources, but the file's purpose (HTML sanitization) together with the nature of the flaw (XSS) strongly indicates that the file's primary HTML sanitization function (commonly named safe_html) is the vulnerable component.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| plone | pip | < 4.2.3 | 4.2.3 |
| Plone | pip | >= 4.3a0, < 4.3b1 | 4.3b1 |