Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/products.cmfplone@4.1a1
Typepypi
Namespace
Nameproducts.cmfplone
Version4.1a1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.10
Latest_non_vulnerable_version5.1.0
Affected_by_vulnerabilities
0
url VCID-14h5-hnhw-zuc2
vulnerability_id VCID-14h5-hnhw-zuc2
summary Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7315.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7315.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7315
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63421
published_at 2026-06-11T12:55:00Z
1
value 0.00436
scoring_system epss
scoring_elements 0.63524
published_at 2026-06-12T12:55:00Z
2
value 0.00436
scoring_system epss
scoring_elements 0.63535
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7315
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1264791
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1264791
3
reference_url https://github.com/advisories/GHSA-984m-rj28-8c6x
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-984m-rj28-8c6x
4
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
5
reference_url https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016
6
reference_url https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml
8
reference_url https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7315
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7315
10
reference_url https://plone.org/security/20150910
reference_id
reference_type
scores
url https://plone.org/security/20150910
11
reference_url https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members
reference_id
reference_type
scores
url https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members
12
reference_url https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members
13
reference_url https://pypi.org/project/Products.PloneHotfix20150910
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Products.PloneHotfix20150910
14
reference_url https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Products.PloneHotfix20150910
15
reference_url http://www.openwall.com/lists/oss-security/2015/09/22/13
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/22/13
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.6
purl pkg:pypi/products.cmfplone@4.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14h5-hnhw-zuc2
1
vulnerability VCID-222f-416u-zqfa
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-3kbx-xrnj-nyfu
4
vulnerability VCID-p445-qsp2-hbh5
5
vulnerability VCID-shxf-fpbe-p7aa
6
vulnerability VCID-y37y-v4qf-xuba
7
vulnerability VCID-ys36-9r8f-63ab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.6
1
url pkg:pypi/products.cmfplone@4.3.7
purl pkg:pypi/products.cmfplone@4.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-222f-416u-zqfa
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-p445-qsp2-hbh5
3
vulnerability VCID-shxf-fpbe-p7aa
4
vulnerability VCID-y37y-v4qf-xuba
5
vulnerability VCID-ys36-9r8f-63ab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.7
2
url pkg:pypi/products.cmfplone@5.0rc2
purl pkg:pypi/products.cmfplone@5.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-222f-416u-zqfa
1
vulnerability VCID-qqeg-qqtw-q3cp
2
vulnerability VCID-shxf-fpbe-p7aa
3
vulnerability VCID-y37y-v4qf-xuba
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0rc2
aliases CVE-2015-7315, GHSA-984m-rj28-8c6x, PYSEC-2017-52
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14h5-hnhw-zuc2
1
url VCID-21n8-a2su-nbbd
vulnerability_id VCID-21n8-a2su-nbbd
summary Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
references
0
reference_url http://osvdb.org/72727
reference_id
reference_type
scores
url http://osvdb.org/72727
1
reference_url https://access.redhat.com/errata/RHSA-2012:0151
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2012:0151
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1948.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1948.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1948
reference_id
reference_type
scores
0
value 0.00529
scoring_system epss
scoring_elements 0.67628
published_at 2026-06-11T12:55:00Z
1
value 0.00529
scoring_system epss
scoring_elements 0.67717
published_at 2026-06-12T12:55:00Z
2
value 0.00529
scoring_system epss
scoring_elements 0.6773
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1948
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=711494
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=711494
5
reference_url http://secunia.com/advisories/44775
reference_id
reference_type
scores
url http://secunia.com/advisories/44775
6
reference_url http://secunia.com/advisories/44776
reference_id
reference_type
scores
url http://secunia.com/advisories/44776
7
reference_url http://securityreason.com/securityalert/8269
reference_id
reference_type
scores
url http://securityreason.com/securityalert/8269
8
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/67693
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/67693
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-14.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-14.yaml
10
reference_url http://www.securityfocus.com/archive/1/518155/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/518155/100/0/threaded
11
reference_url http://www.securityfocus.com/bid/48005
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/48005
12
reference_url http://plone.org/products/plone/security/advisories/CVE-2011-1948
reference_id CVE-2011-1948
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://plone.org/products/plone/security/advisories/CVE-2011-1948
13
reference_url https://access.redhat.com/security/cve/CVE-2011-1948
reference_id CVE-2011-1948
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2011-1948
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1948
reference_id CVE-2011-1948
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-1948
15
reference_url https://github.com/advisories/GHSA-p7h9-vf92-5fj5
reference_id GHSA-p7h9-vf92-5fj5
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p7h9-vf92-5fj5
fixed_packages
0
url pkg:pypi/products.cmfplone@4.1rc3
purl pkg:pypi/products.cmfplone@4.1rc3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14h5-hnhw-zuc2
1
vulnerability VCID-222f-416u-zqfa
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-3kbx-xrnj-nyfu
4
vulnerability VCID-kcx4-zkp3-xucf
5
vulnerability VCID-p445-qsp2-hbh5
6
vulnerability VCID-qww5-d5cg-jfb5
7
vulnerability VCID-shxf-fpbe-p7aa
8
vulnerability VCID-y37y-v4qf-xuba
9
vulnerability VCID-ys36-9r8f-63ab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.1rc3
aliases CVE-2011-1948, GHSA-p7h9-vf92-5fj5, PYSEC-2011-14
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21n8-a2su-nbbd
2
url VCID-222f-416u-zqfa
vulnerability_id VCID-222f-416u-zqfa
summary 
Privilege escalation in webdav
A missing webdav security declaration would allow unauthorized webdav access.
references
0
reference_url https://plone.org/products/plone/security/advisories/20160419-announcement
reference_id
reference_type
scores
url https://plone.org/products/plone/security/advisories/20160419-announcement
1
reference_url https://plone.org/security/20160419/privilege-escalation-in-webdav
reference_id
reference_type
scores
url https://plone.org/security/20160419/privilege-escalation-in-webdav
fixed_packages
aliases GMS-2016-28
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-222f-416u-zqfa
3
url VCID-37gz-3kz2-pyh5
vulnerability_id VCID-37gz-3kz2-pyh5
summary A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000482
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52554
published_at 2026-06-11T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52683
published_at 2026-06-12T12:55:00Z
2
value 0.00287
scoring_system epss
scoring_elements 0.52697
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000482
2
reference_url https://github.com/advisories/GHSA-859j-668v-mrr6
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-859j-668v-mrr6
3
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
4
reference_url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
5
reference_url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
6
reference_url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
7
reference_url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
8
reference_url https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/2232
9
reference_url https://github.com/plone/Products.CMFPlone/pull/2233
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2233
10
reference_url https://github.com/plone/Products.CMFPlone/pull/2234
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2234
11
reference_url https://github.com/plone/Products.CMFPlone/pull/2235
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2235
12
reference_url https://github.com/plone/Products.CMFPlone/pull/2236
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2236
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000482
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000482
15
reference_url https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1532485
reference_id 1532485
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1532485
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.17
purl pkg:pypi/products.cmfplone@4.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y37y-v4qf-xuba
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.17
1
url pkg:pypi/products.cmfplone@5.0.10
purl pkg:pypi/products.cmfplone@5.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0.10
2
url pkg:pypi/products.cmfplone@5.1.0
purl pkg:pypi/products.cmfplone@5.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.1.0
aliases CVE-2017-1000482, GHSA-859j-668v-mrr6, PYSEC-2018-71
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37gz-3kz2-pyh5
4
url VCID-3kbx-xrnj-nyfu
vulnerability_id VCID-3kbx-xrnj-nyfu
summary Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7316
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66855
published_at 2026-06-11T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66947
published_at 2026-06-12T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.66962
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7316
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1264788
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1264788
3
reference_url https://github.com/advisories/GHSA-vf8g-m3vq-6p4p
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vf8g-m3vq-6p4p
4
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
5
reference_url https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7316
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7316
8
reference_url https://plone.org/security/20150910/
reference_id
reference_type
scores
url https://plone.org/security/20150910/
9
reference_url https://plone.org/security/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
url https://plone.org/security/20150910/non-persistent-xss-in-plone
10
reference_url https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone
11
reference_url https://pypi.org/project/Products.PloneHotfix20150910
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Products.PloneHotfix20150910
12
reference_url https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Products.PloneHotfix20150910
13
reference_url http://www.openwall.com/lists/oss-security/2015/09/22/14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/22/14
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.7
purl pkg:pypi/products.cmfplone@4.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-222f-416u-zqfa
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-p445-qsp2-hbh5
3
vulnerability VCID-shxf-fpbe-p7aa
4
vulnerability VCID-y37y-v4qf-xuba
5
vulnerability VCID-ys36-9r8f-63ab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.7
1
url pkg:pypi/products.cmfplone@5.0rc2
purl pkg:pypi/products.cmfplone@5.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-222f-416u-zqfa
1
vulnerability VCID-qqeg-qqtw-q3cp
2
vulnerability VCID-shxf-fpbe-p7aa
3
vulnerability VCID-y37y-v4qf-xuba
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0rc2
aliases CVE-2015-7316, GHSA-vf8g-m3vq-6p4p, PYSEC-2017-53
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kbx-xrnj-nyfu
5
url VCID-kcx4-zkp3-xucf
vulnerability_id VCID-kcx4-zkp3-xucf
summary Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7060.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7060.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7060
reference_id
reference_type
scores
0
value 0.00455
scoring_system epss
scoring_elements 0.64267
published_at 2026-06-11T12:55:00Z
1
value 0.00455
scoring_system epss
scoring_elements 0.64369
published_at 2026-06-12T12:55:00Z
2
value 0.00455
scoring_system epss
scoring_elements 0.64382
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7060
2
reference_url https://github.com/advisories/GHSA-rg52-j87w-pf83
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rg52-j87w-pf83
3
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
4
reference_url https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-65.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-65.yaml
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-67.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-67.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7060
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7060
8
reference_url https://plone.org/security/20131210/path-leak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/20131210/path-leak
9
reference_url http://www.openwall.com/lists/oss-security/2013/12/10/15
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/10/15
10
reference_url http://www.openwall.com/lists/oss-security/2013/12/12/3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/12/3
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1040378
reference_id 1040378
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1040378
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.3
purl pkg:pypi/products.cmfplone@4.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14h5-hnhw-zuc2
1
vulnerability VCID-222f-416u-zqfa
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-3kbx-xrnj-nyfu
4
vulnerability VCID-p445-qsp2-hbh5
5
vulnerability VCID-shxf-fpbe-p7aa
6
vulnerability VCID-y37y-v4qf-xuba
7
vulnerability VCID-ys36-9r8f-63ab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.3
aliases CVE-2013-7060, GHSA-rg52-j87w-pf83, PYSEC-2014-65, PYSEC-2014-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kcx4-zkp3-xucf
6
url VCID-p445-qsp2-hbh5
vulnerability_id VCID-p445-qsp2-hbh5
summary 
Multiple CSRF vulnerabilities in Management Interface
There are multiple CSRF (cross-site request forgery) vulnerabilities in the ZMI (Zope Management Interface).
references
fixed_packages
0
url pkg:pypi/products.cmfplone@5.0a1
purl pkg:pypi/products.cmfplone@5.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14h5-hnhw-zuc2
1
vulnerability VCID-222f-416u-zqfa
2
vulnerability VCID-3kbx-xrnj-nyfu
3
vulnerability VCID-qqeg-qqtw-q3cp
4
vulnerability VCID-shxf-fpbe-p7aa
5
vulnerability VCID-y37y-v4qf-xuba
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0a1
aliases GMS-2015-35
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p445-qsp2-hbh5
7
url VCID-qww5-d5cg-jfb5
vulnerability_id VCID-qww5-d5cg-jfb5
summary Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7061.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7061.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7061
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49554
published_at 2026-06-11T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49691
published_at 2026-06-12T12:55:00Z
2
value 0.00259
scoring_system epss
scoring_elements 0.4971
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7061
2
reference_url https://github.com/advisories/GHSA-4vr8-r7qr-fpvq
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vr8-r7qr-fpvq
3
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
4
reference_url https://github.com/plone/Products.CMFPlone/commit/a6a3e50f759da7e7ca46e50777a35e51f4d8ed48
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/a6a3e50f759da7e7ca46e50777a35e51f4d8ed48
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-66.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-66.yaml
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-68.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-68.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7061
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7061
8
reference_url https://plone.org/security/20131210/catalogue-exposure
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/20131210/catalogue-exposure
9
reference_url https://pypi.org/project/Products.PloneHotfix20131210
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Products.PloneHotfix20131210
10
reference_url http://www.openwall.com/lists/oss-security/2013/12/10/15
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/10/15
11
reference_url http://www.openwall.com/lists/oss-security/2013/12/12/3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/12/3
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1040379
reference_id 1040379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1040379
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.3
purl pkg:pypi/products.cmfplone@4.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14h5-hnhw-zuc2
1
vulnerability VCID-222f-416u-zqfa
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-3kbx-xrnj-nyfu
4
vulnerability VCID-p445-qsp2-hbh5
5
vulnerability VCID-shxf-fpbe-p7aa
6
vulnerability VCID-y37y-v4qf-xuba
7
vulnerability VCID-ys36-9r8f-63ab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.3
aliases CVE-2013-7061, GHSA-4vr8-r7qr-fpvq, PYSEC-2014-66, PYSEC-2014-68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qww5-d5cg-jfb5
8
url VCID-shxf-fpbe-p7aa
vulnerability_id VCID-shxf-fpbe-p7aa
summary 
Unauthorized disclosure of site content
A vulnerability that allows attackers to gain information about private site content.
references
0
reference_url https://plone.org/products/plone/security/advisories/20160419-announcement
reference_id
reference_type
scores
url https://plone.org/products/plone/security/advisories/20160419-announcement
1
reference_url https://plone.org/security/20160419/unauthorized-disclosure-of-site-content
reference_id
reference_type
scores
url https://plone.org/security/20160419/unauthorized-disclosure-of-site-content
fixed_packages
aliases GMS-2016-27
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shxf-fpbe-p7aa
9
url VCID-y37y-v4qf-xuba
vulnerability_id VCID-y37y-v4qf-xuba
summary Cross-site Scripting and Open Redirect in Products.CMFPlone
references
0
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
1
reference_url https://github.com/advisories/GHSA-8w54-22w9-3g8f
reference_id GHSA-8w54-22w9-3g8f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w54-22w9-3g8f
2
reference_url https://github.com/plone/Products.CMFPlone/security/advisories/GHSA-8w54-22w9-3g8f
reference_id GHSA-8w54-22w9-3g8f
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/security/advisories/GHSA-8w54-22w9-3g8f
fixed_packages
0
url pkg:pypi/products.cmfplone@5.0.0
purl pkg:pypi/products.cmfplone@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37gz-3kz2-pyh5
1
vulnerability VCID-ys36-9r8f-63ab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0.0
1
url pkg:pypi/products.cmfplone@5.0
purl pkg:pypi/products.cmfplone@5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-222f-416u-zqfa
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-qqeg-qqtw-q3cp
3
vulnerability VCID-shxf-fpbe-p7aa
4
vulnerability VCID-ys36-9r8f-63ab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0
aliases GHSA-8w54-22w9-3g8f, GMS-2022-46
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y37y-v4qf-xuba
10
url VCID-ys36-9r8f-63ab
vulnerability_id VCID-ys36-9r8f-63ab
summary When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000481
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41711
published_at 2026-06-12T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.41729
published_at 2026-06-13T12:55:00Z
2
value 0.00197
scoring_system epss
scoring_elements 0.41545
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000481
2
reference_url https://github.com/advisories/GHSA-8g72-gq68-6gqh
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g72-gq68-6gqh
3
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
4
reference_url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
5
reference_url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
6
reference_url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
7
reference_url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
8
reference_url https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/2232
9
reference_url https://github.com/plone/Products.CMFPlone/pull/2233
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2233
10
reference_url https://github.com/plone/Products.CMFPlone/pull/2234
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2234
11
reference_url https://github.com/plone/Products.CMFPlone/pull/2235
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2235
12
reference_url https://github.com/plone/Products.CMFPlone/pull/2236
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2236
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000481
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000481
15
reference_url https://plone.org/security/hotfix/20171128/open-redirection-on-login-form
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20171128/open-redirection-on-login-form
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1532489
reference_id 1532489
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1532489
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.17
purl pkg:pypi/products.cmfplone@4.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y37y-v4qf-xuba
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.17
1
url pkg:pypi/products.cmfplone@5.0.10
purl pkg:pypi/products.cmfplone@5.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0.10
2
url pkg:pypi/products.cmfplone@5.1.0
purl pkg:pypi/products.cmfplone@5.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.1.0
aliases CVE-2017-1000481, GHSA-8g72-gq68-6gqh, PYSEC-2018-70
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ys36-9r8f-63ab
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.1a1