Fortinet Discovers Plone Login Form Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting vulnerability in Plone.
Plone is among the top 2% of all open source projects worldwide. It has more than 103,000 commits by nearly 900 code contributors. Plone is supported by more than 350 solution providers in more than 100 countries. The project has been actively developed since 2001, is available in more than 40 languages, and has the best security track record of any major CMS.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jan 20, 2017
FortiWeb has protected against this specific vulnerability since signature package 10.077.
Users should apply the solution provided by Plone.
Fortinet reported the vulnerability to Plone on Jan. 20, 2017.
Plone confirmed the vulnerability on Jan. 20, 2017.
Plone released a patch for the vulnerability on Nov. 28, 2017.
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.