Severity by source
Upload requires at least Contributor role (PR:L); victim must view content (UI:R); XSS crosses into victim browser context (S:C); confidentiality and integrity limited to browser-session scope.
Lifecycle Timeline
1Description PRE-NVD
AnalysisAI
Stored cross-site scripting in Plone CMS enables persistent script injection by spoofing file MIME types within the plone.app.textfield and plone.restapi packages, announced June 5, 2026. An attacker with content-upload access can craft a file whose declared MIME type bypasses Plone's content-type enforcement, causing browsers to render the payload as HTML or JavaScript when other users access the stored content. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must hold a Plone user account with at minimum the Contributor role (or equivalent upload permission) on the target site - unauthenticated exploitation is not supported by the available data. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS score of 4.3 moderate places this below the threshold of urgent emergency patching, and no EPSS data, KEV listing, or POC availability was indicated in the provided intelligence. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated Plone contributor uploads a document with its MIME type header manipulated to text/html (or a similar executable type) while the actual file content contains a JavaScript payload. Plone stores the file alongside its attacker-supplied MIME metadata. … |
| Remediation | Consult the individual GitHub Security Advisories for plone.app.textfield (GHSA-4r4f-gg25-rmg5) and plone.restapi (GHSA-8rqh-vxpr-x77p) to obtain the exact patched versions and apply upgrades via pip. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: audit Plone instances and restrict file-upload permissions to fully trusted internal users; enable comprehensive audit logging for all file operations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today