plone.restapi@8.4.0 vulnerabilities
plone.restapi is a RESTful hypermedia API for Plone.
- latest version: 9.8.5
- latest non vulnerable version:
- first published: 8 years ago
- latest version published: 4 days ago
- licenses detected: [0,)
Direct Vulnerabilities
Known vulnerabilities in the plone.restapi package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization of an SVG image used as a user portrait. To exploit the vulnerability, an attacker would first need to upload an SVG image as a user portrait, and then trick a user into following a link to this portrait. Note: A page that uses an image tag with an SVG image as a source is never vulnerable. How to fix Cross-site Scripting (XSS)? Upgrade | [8.0.0,8.43.3) |