CVE-2021-33508

{"id": "CVE-2021-33508", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-05-21T22:15:08.507", "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item."}, {"lang": "es", "value": "Plone versiones hasta 5.2.4, permite un ataque de tipo XSS por medio de un nombre completo que es manejado inapropiadamente durante el renderizado de la pesta\u00f1a de propiedad de un elemento de contenido"}], "lastModified": "2024-11-21T06:08:58.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "153836BA-1944-498A-BF06-D4096478757A", "versionEndIncluding": "5.2.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}