Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/plone@5.0.0
Type pypi
Namespace
Name plone
Version 5.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.2.5
Latest_non_vulnerable_version 6.0.7
Affected_by_vulnerabilities
0
url VCID-17w2-gd3m-2qff
vulnerability_id VCID-17w2-gd3m-2qff
summary z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
references
0
reference_url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
1
reference_url http://seclists.org/fulldisclosure/2016/Oct/80
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2016/Oct/80
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-59.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-59.yaml
4
reference_url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms
5
reference_url https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
url https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
6
reference_url https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
url https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
7
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/09/05/4
8
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/09/05/5
9
reference_url http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/539572/100/0/threaded
10
reference_url http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92752
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7136
reference_id CVE-2016-7136
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-7136
12
reference_url https://github.com/advisories/GHSA-22jm-p2vv-j2hc
reference_id GHSA-22jm-p2vv-j2hc
reference_type
scores
url https://github.com/advisories/GHSA-22jm-p2vv-j2hc
fixed_packages
0
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-5ry7-xy6b-5fag
2
vulnerability VCID-69ps-uetw-y3gf
3
vulnerability VCID-8rp3-p3qe-x7ej
4
vulnerability VCID-8wkk-84ky-17ak
5
vulnerability VCID-951j-w95x-83g8
6
vulnerability VCID-9gu8-dgkr-sua3
7
vulnerability VCID-ax8a-2g7j-6ya2
8
vulnerability VCID-basq-jjsf-3fbd
9
vulnerability VCID-bmwk-nutp-r3fs
10
vulnerability VCID-d42u-s7za-a3ad
11
vulnerability VCID-dg61-tw4u-dbcc
12
vulnerability VCID-edq7-7ncc-mbfx
13
vulnerability VCID-eu4z-htaq-c3d6
14
vulnerability VCID-exan-4j3e-2qeh
15
vulnerability VCID-fdpc-runu-ekah
16
vulnerability VCID-j8fv-uhxw-jkcw
17
vulnerability VCID-jvvz-bafs-t7gc
18
vulnerability VCID-p71t-er3d-9fdn
19
vulnerability VCID-pzke-4by2-w3hk
20
vulnerability VCID-q7nt-b3s9-9kf6
21
vulnerability VCID-r52t-hx1j-ufa1
22
vulnerability VCID-x2xm-hpc2-uubq
23
vulnerability VCID-z4jt-v88h-77er
24
vulnerability VCID-zwnj-revc-vbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
aliases CVE-2016-7136, GHSA-22jm-p2vv-j2hc, PYSEC-2017-59
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17w2-gd3m-2qff
1
url VCID-5n6e-cha8-nyb8
vulnerability_id VCID-5n6e-cha8-nyb8
summary Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
references
0
reference_url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
1
reference_url http://seclists.org/fulldisclosure/2016/Oct/80
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2016/Oct/80
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-61.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-61.yaml
4
reference_url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1
5
reference_url https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
url https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
6
reference_url https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
url https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
7
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/09/05/4
8
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/09/05/5
9
reference_url http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/539572/100/0/threaded
10
reference_url http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92752
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7138
reference_id CVE-2016-7138
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-7138
12
reference_url https://github.com/advisories/GHSA-v3hp-f8qr-cf3p
reference_id GHSA-v3hp-f8qr-cf3p
reference_type
scores
url https://github.com/advisories/GHSA-v3hp-f8qr-cf3p
fixed_packages
0
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-5ry7-xy6b-5fag
2
vulnerability VCID-69ps-uetw-y3gf
3
vulnerability VCID-8rp3-p3qe-x7ej
4
vulnerability VCID-8wkk-84ky-17ak
5
vulnerability VCID-951j-w95x-83g8
6
vulnerability VCID-9gu8-dgkr-sua3
7
vulnerability VCID-ax8a-2g7j-6ya2
8
vulnerability VCID-basq-jjsf-3fbd
9
vulnerability VCID-bmwk-nutp-r3fs
10
vulnerability VCID-d42u-s7za-a3ad
11
vulnerability VCID-dg61-tw4u-dbcc
12
vulnerability VCID-edq7-7ncc-mbfx
13
vulnerability VCID-eu4z-htaq-c3d6
14
vulnerability VCID-exan-4j3e-2qeh
15
vulnerability VCID-fdpc-runu-ekah
16
vulnerability VCID-j8fv-uhxw-jkcw
17
vulnerability VCID-jvvz-bafs-t7gc
18
vulnerability VCID-p71t-er3d-9fdn
19
vulnerability VCID-pzke-4by2-w3hk
20
vulnerability VCID-q7nt-b3s9-9kf6
21
vulnerability VCID-r52t-hx1j-ufa1
22
vulnerability VCID-x2xm-hpc2-uubq
23
vulnerability VCID-z4jt-v88h-77er
24
vulnerability VCID-zwnj-revc-vbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
aliases CVE-2016-7138, GHSA-v3hp-f8qr-cf3p, PYSEC-2017-61
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5n6e-cha8-nyb8
2
url VCID-edq7-7ncc-mbfx
vulnerability_id VCID-edq7-7ncc-mbfx
summary By linking to a specific URL in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and log in, then get redirected to the specific URL, and then get a second redirect to the attacker website. (The specific URL can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)
references
0
reference_url https://github.com/advisories/GHSA-xvwv-6wvx-px9x
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xvwv-6wvx-px9x
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
url https://github.com/plone/Plone
2
reference_url https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
url https://github.com/plone/Products.CMFPlone/issues/2232
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml
4
reference_url https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000484
reference_id CVE-2017-1000484
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000484
fixed_packages
0
url pkg:pypi/plone@5.1.0
purl pkg:pypi/plone@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-8rp3-p3qe-x7ej
2
vulnerability VCID-8wkk-84ky-17ak
3
vulnerability VCID-951j-w95x-83g8
4
vulnerability VCID-9gu8-dgkr-sua3
5
vulnerability VCID-ax8a-2g7j-6ya2
6
vulnerability VCID-basq-jjsf-3fbd
7
vulnerability VCID-bmwk-nutp-r3fs
8
vulnerability VCID-d42u-s7za-a3ad
9
vulnerability VCID-eu4z-htaq-c3d6
10
vulnerability VCID-exan-4j3e-2qeh
11
vulnerability VCID-fdpc-runu-ekah
12
vulnerability VCID-j8fv-uhxw-jkcw
13
vulnerability VCID-p71t-er3d-9fdn
14
vulnerability VCID-q7nt-b3s9-9kf6
15
vulnerability VCID-r52t-hx1j-ufa1
16
vulnerability VCID-x2xm-hpc2-uubq
17
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0
aliases CVE-2017-1000484, GHSA-xvwv-6wvx-px9x, PYSEC-2018-73
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edq7-7ncc-mbfx
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.0