Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.
seclists.org/oss-sec/2013/q4/467
seclists.org/oss-sec/2013/q4/485
exchange.xforce.ibmcloud.com/vulnerabilities/89623
exchange.xforce.ibmcloud.com/vulnerabilities/89627
github.com/plone/Plone
nvd.nist.gov/vuln/detail/CVE-2013-7062
plone.org/security/20131210/zope-xss-in-browseridmanager
plone.org/security/20131210/zope-xss-in-OFS