CVE-2011-1949 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1949): Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422. CVE-2011-1948 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1948): Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
No more plone. noglsa.