Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/products.cmfplone@4.1b2
Typepypi
Namespace
Nameproducts.cmfplone
Version4.1b2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.10
Latest_non_vulnerable_version5.1.0
Affected_by_vulnerabilities
0
url VCID-69ps-uetw-y3gf
vulnerability_id VCID-69ps-uetw-y3gf
summary A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000482
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52443
published_at 2026-06-04T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52502
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000482
2
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
3
reference_url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
4
reference_url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
5
reference_url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
6
reference_url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
7
reference_url https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/2232
8
reference_url https://github.com/plone/Products.CMFPlone/pull/2233
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2233
9
reference_url https://github.com/plone/Products.CMFPlone/pull/2234
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2234
10
reference_url https://github.com/plone/Products.CMFPlone/pull/2235
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2235
11
reference_url https://github.com/plone/Products.CMFPlone/pull/2236
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2236
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml
13
reference_url https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1532485
reference_id 1532485
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1532485
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000482
reference_id CVE-2017-1000482
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000482
16
reference_url https://github.com/advisories/GHSA-859j-668v-mrr6
reference_id GHSA-859j-668v-mrr6
reference_type
scores
url https://github.com/advisories/GHSA-859j-668v-mrr6
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.17
purl pkg:pypi/products.cmfplone@4.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-brdm-3g1t-6fgv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.17
1
url pkg:pypi/products.cmfplone@5.0.10
purl pkg:pypi/products.cmfplone@5.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0.10
2
url pkg:pypi/products.cmfplone@5.1.0
purl pkg:pypi/products.cmfplone@5.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.1.0
aliases CVE-2017-1000482, GHSA-859j-668v-mrr6, PYSEC-2018-71
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69ps-uetw-y3gf
1
url VCID-brdm-3g1t-6fgv
vulnerability_id VCID-brdm-3g1t-6fgv
summary 
Cross-site Scripting and Open Redirect in Products.CMFPlone
Plone is vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish.
references
0
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
1
reference_url https://github.com/advisories/GHSA-8w54-22w9-3g8f
reference_id GHSA-8w54-22w9-3g8f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w54-22w9-3g8f
2
reference_url https://github.com/plone/Products.CMFPlone/security/advisories/GHSA-8w54-22w9-3g8f
reference_id GHSA-8w54-22w9-3g8f
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/security/advisories/GHSA-8w54-22w9-3g8f
fixed_packages
0
url pkg:pypi/products.cmfplone@5.0
purl pkg:pypi/products.cmfplone@5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69ps-uetw-y3gf
1
vulnerability VCID-dg61-tw4u-dbcc
2
vulnerability VCID-gd5v-ueah-j7eh
3
vulnerability VCID-mu56-js96-3fdr
4
vulnerability VCID-zg7t-g8m5-nbat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0
1
url pkg:pypi/products.cmfplone@5.0.0
purl pkg:pypi/products.cmfplone@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69ps-uetw-y3gf
1
vulnerability VCID-dg61-tw4u-dbcc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0.0
aliases GHSA-8w54-22w9-3g8f, GMS-2022-46
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brdm-3g1t-6fgv
2
url VCID-dg61-tw4u-dbcc
vulnerability_id VCID-dg61-tw4u-dbcc
summary When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000481
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41535
published_at 2026-06-05T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.41459
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000481
2
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
3
reference_url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
4
reference_url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
5
reference_url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
6
reference_url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
7
reference_url https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/2232
8
reference_url https://github.com/plone/Products.CMFPlone/pull/2233
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2233
9
reference_url https://github.com/plone/Products.CMFPlone/pull/2234
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2234
10
reference_url https://github.com/plone/Products.CMFPlone/pull/2235
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2235
11
reference_url https://github.com/plone/Products.CMFPlone/pull/2236
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2236
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml
13
reference_url https://plone.org/security/hotfix/20171128/open-redirection-on-login-form
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20171128/open-redirection-on-login-form
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1532489
reference_id 1532489
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1532489
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000481
reference_id CVE-2017-1000481
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000481
16
reference_url https://github.com/advisories/GHSA-8g72-gq68-6gqh
reference_id GHSA-8g72-gq68-6gqh
reference_type
scores
url https://github.com/advisories/GHSA-8g72-gq68-6gqh
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.17
purl pkg:pypi/products.cmfplone@4.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-brdm-3g1t-6fgv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.17
1
url pkg:pypi/products.cmfplone@5.0.10
purl pkg:pypi/products.cmfplone@5.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0.10
2
url pkg:pypi/products.cmfplone@5.1.0
purl pkg:pypi/products.cmfplone@5.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.1.0
aliases CVE-2017-1000481, GHSA-8g72-gq68-6gqh, PYSEC-2018-70
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dg61-tw4u-dbcc
3
url VCID-gd5v-ueah-j7eh
vulnerability_id VCID-gd5v-ueah-j7eh
summary 
Privilege escalation in webdav
A missing webdav security declaration would allow unauthorized webdav access.
references
0
reference_url https://plone.org/products/plone/security/advisories/20160419-announcement
reference_id
reference_type
scores
url https://plone.org/products/plone/security/advisories/20160419-announcement
1
reference_url https://plone.org/security/20160419/privilege-escalation-in-webdav
reference_id
reference_type
scores
url https://plone.org/security/20160419/privilege-escalation-in-webdav
fixed_packages
aliases GMS-2016-28
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gd5v-ueah-j7eh
4
url VCID-h4kd-eh8g-gude
vulnerability_id VCID-h4kd-eh8g-gude
summary Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7316
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66808
published_at 2026-06-05T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66767
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7316
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1264788
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1264788
3
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
4
reference_url https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7316
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7316
7
reference_url https://plone.org/security/20150910/
reference_id
reference_type
scores
url https://plone.org/security/20150910/
8
reference_url https://plone.org/security/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
url https://plone.org/security/20150910/non-persistent-xss-in-plone
9
reference_url https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone
10
reference_url https://pypi.org/project/Products.PloneHotfix20150910
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Products.PloneHotfix20150910
11
reference_url https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Products.PloneHotfix20150910
12
reference_url http://www.openwall.com/lists/oss-security/2015/09/22/14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/22/14
13
reference_url https://github.com/advisories/GHSA-vf8g-m3vq-6p4p
reference_id GHSA-vf8g-m3vq-6p4p
reference_type
scores
url https://github.com/advisories/GHSA-vf8g-m3vq-6p4p
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.7
purl pkg:pypi/products.cmfplone@4.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69ps-uetw-y3gf
1
vulnerability VCID-brdm-3g1t-6fgv
2
vulnerability VCID-dg61-tw4u-dbcc
3
vulnerability VCID-gd5v-ueah-j7eh
4
vulnerability VCID-vyc7-kfh2-vbfy
5
vulnerability VCID-zg7t-g8m5-nbat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.7
1
url pkg:pypi/products.cmfplone@5.0rc2
purl pkg:pypi/products.cmfplone@5.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-brdm-3g1t-6fgv
1
vulnerability VCID-gd5v-ueah-j7eh
2
vulnerability VCID-mu56-js96-3fdr
3
vulnerability VCID-zg7t-g8m5-nbat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0rc2
aliases CVE-2015-7316, GHSA-vf8g-m3vq-6p4p, PYSEC-2017-53
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4kd-eh8g-gude
5
url VCID-n4nh-4rq4-r7hx
vulnerability_id VCID-n4nh-4rq4-r7hx
summary Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7060.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7060.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7060
reference_id
reference_type
scores
0
value 0.00455
scoring_system epss
scoring_elements 0.64201
published_at 2026-06-05T12:55:00Z
1
value 0.00455
scoring_system epss
scoring_elements 0.64156
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7060
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-65.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-65.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-67.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-67.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7060
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7060
7
reference_url https://plone.org/security/20131210/path-leak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/20131210/path-leak
8
reference_url http://www.openwall.com/lists/oss-security/2013/12/10/15
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/10/15
9
reference_url http://www.openwall.com/lists/oss-security/2013/12/12/3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/12/3
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1040378
reference_id 1040378
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1040378
11
reference_url https://github.com/advisories/GHSA-rg52-j87w-pf83
reference_id GHSA-rg52-j87w-pf83
reference_type
scores
url https://github.com/advisories/GHSA-rg52-j87w-pf83
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.3
purl pkg:pypi/products.cmfplone@4.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69ps-uetw-y3gf
1
vulnerability VCID-brdm-3g1t-6fgv
2
vulnerability VCID-dg61-tw4u-dbcc
3
vulnerability VCID-gd5v-ueah-j7eh
4
vulnerability VCID-h4kd-eh8g-gude
5
vulnerability VCID-vyc7-kfh2-vbfy
6
vulnerability VCID-wuas-tkd4-rkd4
7
vulnerability VCID-zg7t-g8m5-nbat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.3
aliases CVE-2013-7060, GHSA-rg52-j87w-pf83, PYSEC-2014-65, PYSEC-2014-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4nh-4rq4-r7hx
6
url VCID-uqe7-n3uh-zfac
vulnerability_id VCID-uqe7-n3uh-zfac
summary Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
references
0
reference_url http://osvdb.org/72727
reference_id
reference_type
scores
url http://osvdb.org/72727
1
reference_url http://plone.org/products/plone/security/advisories/CVE-2011-1948
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://plone.org/products/plone/security/advisories/CVE-2011-1948
2
reference_url https://access.redhat.com/errata/RHSA-2012:0151
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2012:0151
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1948.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1948.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1948
reference_id
reference_type
scores
0
value 0.00529
scoring_system epss
scoring_elements 0.67578
published_at 2026-06-05T12:55:00Z
1
value 0.00529
scoring_system epss
scoring_elements 0.67536
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1948
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=711494
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=711494
6
reference_url http://secunia.com/advisories/44775
reference_id
reference_type
scores
url http://secunia.com/advisories/44775
7
reference_url http://secunia.com/advisories/44776
reference_id
reference_type
scores
url http://secunia.com/advisories/44776
8
reference_url http://securityreason.com/securityalert/8269
reference_id
reference_type
scores
url http://securityreason.com/securityalert/8269
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/67693
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/67693
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-14.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-14.yaml
11
reference_url http://www.securityfocus.com/archive/1/518155/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/518155/100/0/threaded
12
reference_url http://www.securityfocus.com/bid/48005
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/48005
13
reference_url https://access.redhat.com/security/cve/CVE-2011-1948
reference_id CVE-2011-1948
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2011-1948
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1948
reference_id CVE-2011-1948
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-1948
15
reference_url https://github.com/advisories/GHSA-p7h9-vf92-5fj5
reference_id GHSA-p7h9-vf92-5fj5
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p7h9-vf92-5fj5
fixed_packages
0
url pkg:pypi/products.cmfplone@4.1rc3
purl pkg:pypi/products.cmfplone@4.1rc3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69ps-uetw-y3gf
1
vulnerability VCID-brdm-3g1t-6fgv
2
vulnerability VCID-dg61-tw4u-dbcc
3
vulnerability VCID-gd5v-ueah-j7eh
4
vulnerability VCID-h4kd-eh8g-gude
5
vulnerability VCID-n4nh-4rq4-r7hx
6
vulnerability VCID-vyc7-kfh2-vbfy
7
vulnerability VCID-w2mv-zekv-8fcv
8
vulnerability VCID-wuas-tkd4-rkd4
9
vulnerability VCID-zg7t-g8m5-nbat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.1rc3
aliases CVE-2011-1948, GHSA-p7h9-vf92-5fj5, PYSEC-2011-14
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uqe7-n3uh-zfac
7
url VCID-vyc7-kfh2-vbfy
vulnerability_id VCID-vyc7-kfh2-vbfy
summary 
Multiple CSRF vulnerabilities in Management Interface
There are multiple CSRF (cross-site request forgery) vulnerabilities in the ZMI (Zope Management Interface).
references
0
reference_url https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf
reference_id CVE-2015-7293;OSVDB-128533;OSVDB-128532
reference_type exploit
scores
url https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf
fixed_packages
0
url pkg:pypi/products.cmfplone@5.0a1
purl pkg:pypi/products.cmfplone@5.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-brdm-3g1t-6fgv
1
vulnerability VCID-gd5v-ueah-j7eh
2
vulnerability VCID-h4kd-eh8g-gude
3
vulnerability VCID-mu56-js96-3fdr
4
vulnerability VCID-wuas-tkd4-rkd4
5
vulnerability VCID-zg7t-g8m5-nbat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0a1
aliases GMS-2015-35
risk_score null
exploitability 1.0
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vyc7-kfh2-vbfy
8
url VCID-w2mv-zekv-8fcv
vulnerability_id VCID-w2mv-zekv-8fcv
summary Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7061.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7061.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7061
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49512
published_at 2026-06-05T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.4945
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7061
2
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
3
reference_url https://github.com/plone/Products.CMFPlone/commit/a6a3e50f759da7e7ca46e50777a35e51f4d8ed48
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/a6a3e50f759da7e7ca46e50777a35e51f4d8ed48
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-66.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-66.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-68.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-68.yaml
6
reference_url https://plone.org/security/20131210/catalogue-exposure
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/20131210/catalogue-exposure
7
reference_url https://pypi.org/project/Products.PloneHotfix20131210
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Products.PloneHotfix20131210
8
reference_url http://www.openwall.com/lists/oss-security/2013/12/10/15
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/10/15
9
reference_url http://www.openwall.com/lists/oss-security/2013/12/12/3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/12/3
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1040379
reference_id 1040379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1040379
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7061
reference_id CVE-2013-7061
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7061
12
reference_url https://github.com/advisories/GHSA-4vr8-r7qr-fpvq
reference_id GHSA-4vr8-r7qr-fpvq
reference_type
scores
url https://github.com/advisories/GHSA-4vr8-r7qr-fpvq
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.3
purl pkg:pypi/products.cmfplone@4.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69ps-uetw-y3gf
1
vulnerability VCID-brdm-3g1t-6fgv
2
vulnerability VCID-dg61-tw4u-dbcc
3
vulnerability VCID-gd5v-ueah-j7eh
4
vulnerability VCID-h4kd-eh8g-gude
5
vulnerability VCID-vyc7-kfh2-vbfy
6
vulnerability VCID-wuas-tkd4-rkd4
7
vulnerability VCID-zg7t-g8m5-nbat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.3
aliases CVE-2013-7061, GHSA-4vr8-r7qr-fpvq, PYSEC-2014-66, PYSEC-2014-68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2mv-zekv-8fcv
9
url VCID-wuas-tkd4-rkd4
vulnerability_id VCID-wuas-tkd4-rkd4
summary Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7315.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7315.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7315
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63354
published_at 2026-06-05T12:55:00Z
1
value 0.00436
scoring_system epss
scoring_elements 0.6331
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7315
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1264791
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1264791
3
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
4
reference_url https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016
5
reference_url https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml
7
reference_url https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7315
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7315
9
reference_url https://plone.org/security/20150910
reference_id
reference_type
scores
url https://plone.org/security/20150910
10
reference_url https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members
reference_id
reference_type
scores
url https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members
11
reference_url https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members
12
reference_url https://pypi.org/project/Products.PloneHotfix20150910
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Products.PloneHotfix20150910
13
reference_url https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Products.PloneHotfix20150910
14
reference_url http://www.openwall.com/lists/oss-security/2015/09/22/13
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/22/13
15
reference_url https://github.com/advisories/GHSA-984m-rj28-8c6x
reference_id GHSA-984m-rj28-8c6x
reference_type
scores
url https://github.com/advisories/GHSA-984m-rj28-8c6x
fixed_packages
0
url pkg:pypi/products.cmfplone@4.3.7
purl pkg:pypi/products.cmfplone@4.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69ps-uetw-y3gf
1
vulnerability VCID-brdm-3g1t-6fgv
2
vulnerability VCID-dg61-tw4u-dbcc
3
vulnerability VCID-gd5v-ueah-j7eh
4
vulnerability VCID-vyc7-kfh2-vbfy
5
vulnerability VCID-zg7t-g8m5-nbat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.7
1
url pkg:pypi/products.cmfplone@5.0rc2
purl pkg:pypi/products.cmfplone@5.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-brdm-3g1t-6fgv
1
vulnerability VCID-gd5v-ueah-j7eh
2
vulnerability VCID-mu56-js96-3fdr
3
vulnerability VCID-zg7t-g8m5-nbat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0rc2
aliases CVE-2015-7315, GHSA-984m-rj28-8c6x, PYSEC-2017-52
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuas-tkd4-rkd4
10
url VCID-zg7t-g8m5-nbat
vulnerability_id VCID-zg7t-g8m5-nbat
summary 
Unauthorized disclosure of site content
A vulnerability that allows attackers to gain information about private site content.
references
0
reference_url https://plone.org/products/plone/security/advisories/20160419-announcement
reference_id
reference_type
scores
url https://plone.org/products/plone/security/advisories/20160419-announcement
1
reference_url https://plone.org/security/20160419/unauthorized-disclosure-of-site-content
reference_id
reference_type
scores
url https://plone.org/security/20160419/unauthorized-disclosure-of-site-content
fixed_packages
aliases GMS-2016-27
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zg7t-g8m5-nbat
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.1b2