Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/plone@2.1

Type pypi

Namespace

Name plone

Version 2.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.0.10

Latest_non_vulnerable_version 6.0.10

Affected_by_vulnerabilities

url VCID-3shf-hh9a-rqdw

vulnerability_id VCID-3shf-hh9a-rqdw

summary zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4191

reference_id

reference_type

scores

value	0.00309
scoring_system	epss
scoring_elements	0.54393
published_at	2026-06-04T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.5445
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4191

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978453

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978453

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-55.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-55.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4191

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4191

reference_url	https://github.com/advisories/GHSA-grwx-4p5v-9g2g
reference_id	GHSA-grwx-4p5v-9g2g
reference_type
scores
url	https://github.com/advisories/GHSA-grwx-4p5v-9g2g

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4191, GHSA-grwx-4p5v-9g2g, PYSEC-2014-55

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3shf-hh9a-rqdw

url VCID-4v5e-r5we-tffe

vulnerability_id VCID-4v5e-r5we-tffe

summary The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4200

reference_id

reference_type

scores

value	0.05344
scoring_system	epss
scoring_elements	0.90233
published_at	2026-06-04T12:55:00Z

value	0.05344
scoring_system	epss
scoring_elements	0.90249
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4200

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml

reference_url

http://www.openwall.com/lists/oss-security/2013/08/01/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/08/01/2

reference_url	http://www.securityfocus.com/archive/1/530787/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/530787/100/0/threaded

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4200

reference_id

CVE-2013-4200

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4200

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38738.txt
reference_id	CVE-2013-4200;OSVDB-95863
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38738.txt

reference_url	https://www.securityfocus.com/bid/61964/info
reference_id	CVE-2013-4200;OSVDB-95863
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/61964/info

reference_url	https://github.com/advisories/GHSA-56p3-rrp4-2j82
reference_id	GHSA-56p3-rrp4-2j82
reference_type
scores
url	https://github.com/advisories/GHSA-56p3-rrp4-2j82

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4200, GHSA-56p3-rrp4-2j82, PYSEC-2014-64

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4v5e-r5we-tffe

url VCID-9a27-8egg-7uam

vulnerability_id VCID-9a27-8egg-7uam

summary traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4188

reference_id

reference_type

scores

value	0.00564
scoring_system	epss
scoring_elements	0.68773
published_at	2026-06-04T12:55:00Z

value	0.00564
scoring_system	epss
scoring_elements	0.68813
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4188

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978449

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978449

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-52.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-52.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4188

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4188

reference_url	https://github.com/advisories/GHSA-w3pw-qxjj-6prr
reference_id	GHSA-w3pw-qxjj-6prr
reference_type
scores
url	https://github.com/advisories/GHSA-w3pw-qxjj-6prr

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4188, GHSA-w3pw-qxjj-6prr, PYSEC-2014-52

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9a27-8egg-7uam

url VCID-9dr2-mexa-qfbn

vulnerability_id VCID-9dr2-mexa-qfbn

summary sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4192

reference_id

reference_type

scores

value	0.00218
scoring_system	epss
scoring_elements	0.44383
published_at	2026-06-04T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44451
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4192

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978464

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978464

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-56.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-56.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4192

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4192

reference_url	https://github.com/advisories/GHSA-f5h9-3hpf-9j8m
reference_id	GHSA-f5h9-3hpf-9j8m
reference_type
scores
url	https://github.com/advisories/GHSA-f5h9-3hpf-9j8m

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4192, GHSA-f5h9-3hpf-9j8m, PYSEC-2014-56

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dr2-mexa-qfbn

url VCID-9u27-bf7b-x7er

vulnerability_id VCID-9u27-bf7b-x7er

summary typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4193

reference_id

reference_type

scores

value	0.00309
scoring_system	epss
scoring_elements	0.5445
published_at	2026-06-05T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54393
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4193

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978469

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978469

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-57.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-57.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4193

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4193

reference_url	https://github.com/advisories/GHSA-6fgf-x7wg-hp8r
reference_id	GHSA-6fgf-x7wg-hp8r
reference_type
scores
url	https://github.com/advisories/GHSA-6fgf-x7wg-hp8r

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4193, GHSA-6fgf-x7wg-hp8r, PYSEC-2014-57

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u27-bf7b-x7er

url VCID-hygx-6n52-u7fz

vulnerability_id VCID-hygx-6n52-u7fz

summary mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4198

reference_id

reference_type

scores

value	0.00305
scoring_system	epss
scoring_elements	0.54118
published_at	2026-06-05T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.54062
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4198

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978480

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978480

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-62.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-62.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4198

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4198

reference_url

https://pypi.org/project/Products.PloneHotfix20130618

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/Products.PloneHotfix20130618

reference_url	https://github.com/advisories/GHSA-qjxf-6pr8-j87v
reference_id	GHSA-qjxf-6pr8-j87v
reference_type
scores
url	https://github.com/advisories/GHSA-qjxf-6pr8-j87v

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4198, GHSA-qjxf-6pr8-j87v, PYSEC-2014-62

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hygx-6n52-u7fz

url VCID-nrxp-p6rx-8kdd

vulnerability_id VCID-nrxp-p6rx-8kdd

summary Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4195

reference_id

reference_type

scores

value	0.00285
scoring_system	epss
scoring_elements	0.52191
published_at	2026-06-04T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52251
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4195

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978471

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978471

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4195

reference_id

CVE-2013-4195

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4195

reference_url	https://github.com/advisories/GHSA-j67j-8hrp-76xm
reference_id	GHSA-j67j-8hrp-76xm
reference_type
scores
url	https://github.com/advisories/GHSA-j67j-8hrp-76xm

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4195, GHSA-j67j-8hrp-76xm, PYSEC-2014-59

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrxp-p6rx-8kdd

url VCID-s84e-bb7w-5qht

vulnerability_id VCID-s84e-bb7w-5qht

summary member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4197

reference_id

reference_type

scores

value	0.00498
scoring_system	epss
scoring_elements	0.66242
published_at	2026-06-04T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.66293
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4197

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978478

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978478

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-61.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-61.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4197

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4197

reference_url	https://github.com/advisories/GHSA-jjvw-3h9j-p7jf
reference_id	GHSA-jjvw-3h9j-p7jf
reference_type
scores
url	https://github.com/advisories/GHSA-jjvw-3h9j-p7jf

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4197, GHSA-jjvw-3h9j-p7jf, PYSEC-2014-61

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s84e-bb7w-5qht

url VCID-shjb-m9k6-uuf1

vulnerability_id VCID-shjb-m9k6-uuf1

summary (1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4199

reference_id

reference_type

scores

value	0.0048
scoring_system	epss
scoring_elements	0.65494
published_at	2026-06-05T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65442
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4199

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978482

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978482

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4199

reference_id

CVE-2013-4199

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4199

reference_url	https://github.com/advisories/GHSA-xfjq-9rxq-ph6m
reference_id	GHSA-xfjq-9rxq-ph6m
reference_type
scores
url	https://github.com/advisories/GHSA-xfjq-9rxq-ph6m

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4199, GHSA-xfjq-9rxq-ph6m, PYSEC-2014-63

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shjb-m9k6-uuf1

url VCID-ud5f-7gx8-83d6

vulnerability_id VCID-ud5f-7gx8-83d6

summary The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4196

reference_id

reference_type

scores

value	0.00319
scoring_system	epss
scoring_elements	0.55302
published_at	2026-06-05T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.55245
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4196

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978475

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978475

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4196

reference_id

CVE-2013-4196

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4196

reference_url	https://github.com/advisories/GHSA-qphh-5fv5-2mjj
reference_id	GHSA-qphh-5fv5-2mjj
reference_type
scores
url	https://github.com/advisories/GHSA-qphh-5fv5-2mjj

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4196, GHSA-qphh-5fv5-2mjj, PYSEC-2014-60

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ud5f-7gx8-83d6

url VCID-x8n5-qj35-eqb1

vulnerability_id VCID-x8n5-qj35-eqb1

summary Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4190

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.49148
published_at	2026-06-04T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49209
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4190

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978451

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978451

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-54.yaml

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-54.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4190

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4190

reference_url	https://github.com/advisories/GHSA-89rq-27xp-vgv7
reference_id	GHSA-89rq-27xp-vgv7
reference_type
scores
url	https://github.com/advisories/GHSA-89rq-27xp-vgv7

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4190, GHSA-89rq-27xp-vgv7, PYSEC-2014-54

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x8n5-qj35-eqb1

url VCID-xcaz-c9xr-8bhv

vulnerability_id VCID-xcaz-c9xr-8bhv

summary Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.

references

reference_url

http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2422.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2422.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-2422

reference_id

reference_type

scores

value	0.00392
scoring_system	epss
scoring_elements	0.60536
published_at	2026-06-05T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60488
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-2422

reference_url	http://secunia.com/advisories/40270
reference_id
reference_type
scores
url	http://secunia.com/advisories/40270

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2010-19.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2010-19.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-2422

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2010-2422

reference_url

https://web.archive.org/web/20100728161728/http://secunia.com/advisories/40270

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20100728161728/http://secunia.com/advisories/40270

reference_url

https://web.archive.org/web/20200228223808/http://www.securityfocus.com/bid/40999

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228223808/http://www.securityfocus.com/bid/40999

reference_url	http://www.securityfocus.com/bid/40999
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/40999

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=608098
reference_id	608098
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=608098

reference_url	https://github.com/advisories/GHSA-qj7x-wm9q-qjx8
reference_id	GHSA-qj7x-wm9q-qjx8
reference_type
scores
url	https://github.com/advisories/GHSA-qj7x-wm9q-qjx8

fixed_packages

url pkg:pypi/plone@3.3.5

purl pkg:pypi/plone@3.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-3buw-zes9-ukg4

vulnerability	VCID-3shf-hh9a-rqdw

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-4v5e-r5we-tffe

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9a27-8egg-7uam

vulnerability	VCID-9dr2-mexa-qfbn

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-9u27-bf7b-x7er

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-fqcf-4say-h7g8

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-hygx-6n52-u7fz

vulnerability	VCID-jhw6-wxz2-qbgd

vulnerability	VCID-jvwn-yw13-gfe9

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mh7a-3p1f-9ufs

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-nrxp-p6rx-8kdd

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-s84e-bb7w-5qht

vulnerability	VCID-shjb-m9k6-uuf1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-ud5f-7gx8-83d6

vulnerability	VCID-uqe7-n3uh-zfac

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-x8n5-qj35-eqb1

vulnerability	VCID-xcaz-c9xr-8bhv

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-ykmg-jcfe-8qf4

vulnerability	VCID-yuph-y2fa-3uaa

vulnerability	VCID-z886-y25h-nua3

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.3.5

url pkg:pypi/plone@3.3.6

purl pkg:pypi/plone@3.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-3buw-zes9-ukg4

vulnerability	VCID-3shf-hh9a-rqdw

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-4v5e-r5we-tffe

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9a27-8egg-7uam

vulnerability	VCID-9dr2-mexa-qfbn

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-9u27-bf7b-x7er

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-fqcf-4say-h7g8

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-hygx-6n52-u7fz

vulnerability	VCID-jhw6-wxz2-qbgd

vulnerability	VCID-jvwn-yw13-gfe9

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mh7a-3p1f-9ufs

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-nrxp-p6rx-8kdd

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-s84e-bb7w-5qht

vulnerability	VCID-shjb-m9k6-uuf1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-ud5f-7gx8-83d6

vulnerability	VCID-uqe7-n3uh-zfac

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-x8n5-qj35-eqb1

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-ykmg-jcfe-8qf4

vulnerability	VCID-yuph-y2fa-3uaa

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.3.6

aliases CVE-2010-2422, GHSA-qj7x-wm9q-qjx8, PYSEC-2010-19

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcaz-c9xr-8bhv

url VCID-ykmg-jcfe-8qf4

vulnerability_id VCID-ykmg-jcfe-8qf4

summary Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4189

reference_id

reference_type

scores

value	0.00498
scoring_system	epss
scoring_elements	0.66293
published_at	2026-06-05T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.66242
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4189

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978450

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978450

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-53.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-53.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4189

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4189

reference_url	https://github.com/advisories/GHSA-pwpq-632g-h49g
reference_id	GHSA-pwpq-632g-h49g
reference_type
scores
url	https://github.com/advisories/GHSA-pwpq-632g-h49g

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4189, GHSA-pwpq-632g-h49g, PYSEC-2014-53

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykmg-jcfe-8qf4

url VCID-yuph-y2fa-3uaa

vulnerability_id VCID-yuph-y2fa-3uaa

summary The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.

references

reference_url

http://plone.org/products/plone-hotfix/releases/20130618

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone-hotfix/releases/20130618

reference_url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://plone.org/products/plone/security/advisories/20130618-announcement

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4194

reference_id

reference_type

scores

value	0.00319
scoring_system	epss
scoring_elements	0.55302
published_at	2026-06-05T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.55245
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4194

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=978470

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=978470

reference_url

http://seclists.org/oss-sec/2013/q3/261

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/261

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4194

reference_id

CVE-2013-4194

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4194

reference_url	https://github.com/advisories/GHSA-mm32-jw73-9227
reference_id	GHSA-mm32-jw73-9227
reference_type
scores
url	https://github.com/advisories/GHSA-mm32-jw73-9227

fixed_packages

url pkg:pypi/plone@4.1.1

purl pkg:pypi/plone@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1

url pkg:pypi/plone@4.2.6

purl pkg:pypi/plone@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6

url pkg:pypi/plone@4.3.2

purl pkg:pypi/plone@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-1f3t-a46p-13ca

vulnerability	VCID-4ttq-tacy-4ugg

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8v5e-zud2-g7em

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-d6hq-qfek-1bgu

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-h4kd-eh8g-gude

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-th3f-wx1q-eba5

vulnerability	VCID-vgga-a2ga-t3hw

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-wuas-tkd4-rkd4

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2

aliases CVE-2013-4194, GHSA-mm32-jw73-9227, PYSEC-2014-58

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuph-y2fa-3uaa

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@2.1

Package Instance