Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/7102?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/7102?format=api", "purl": "pkg:pypi/plone@4.0a1", "type": "pypi", "namespace": "", "name": "plone", "version": "4.0a1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.0.11", "latest_non_vulnerable_version": "6.0.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34902?format=api", "vulnerability_id": "VCID-2sk4-yc6h-17c4", "summary": "The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5489.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5489.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5489", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.69131", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5489" }, { "reference_url": "https://bugs.launchpad.net/zope2/+bug/1079238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/zope2/+bug/1079238" }, { "reference_url": "https://github.com/advisories/GHSA-879r-7f3w-8jj3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-879r-7f3w-8jj3" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-31.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-31.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-74.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-74.yaml" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/05", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/05" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=878961", "reference_id": "878961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878961" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5489", "reference_id": "CVE-2012-5489", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5489", "GHSA-879r-7f3w-8jj3", "PYSEC-2014-31", "PYSEC-2014-74" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2sk4-yc6h-17c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34733?format=api", "vulnerability_id": "VCID-3buw-zes9-ukg4", "summary": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.", "references": [ { "reference_url": "http://osvdb.org/72728", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/72728" }, { "reference_url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1949.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1949.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59441", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1949" }, { "reference_url": "http://secunia.com/advisories/44775", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44775" }, { "reference_url": "http://secunia.com/advisories/44776", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44776" }, { "reference_url": "http://securityreason.com/securityalert/8269", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/8269" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694" }, { "reference_url": "https://github.com/advisories/GHSA-h6hq-c896-w882", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6hq-c896-w882" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-15.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-15.yaml" }, { "reference_url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/48005", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/48005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=711495", "reference_id": "711495", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=711495" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1949", "reference_id": "CVE-2011-1949", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1949" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7133?format=api", "purl": "pkg:pypi/plone@4.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" } ], "aliases": [ "CVE-2011-1949", "GHSA-h6hq-c896-w882", "PYSEC-2011-15" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3buw-zes9-ukg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34846?format=api", "vulnerability_id": "VCID-3shf-hh9a-rqdw", "summary": "zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54393", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978453", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978453" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-55.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-55.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4191", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4191" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4191", "GHSA-grwx-4p5v-9g2g", "PYSEC-2014-55" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3shf-hh9a-rqdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34834?format=api", "vulnerability_id": "VCID-4v5e-r5we-tffe", "summary": "The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the \"next\" parameter to acl_users/credentials_cookie_auth/require_login.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05344", "scoring_system": "epss", "scoring_elements": "0.90233", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4200" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/08/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/08/01/2" }, { "reference_url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4200", "reference_id": "CVE-2013-4200", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4200" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38738.txt", "reference_id": "CVE-2013-4200;OSVDB-95863", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38738.txt" }, { "reference_url": "https://www.securityfocus.com/bid/61964/info", "reference_id": "CVE-2013-4200;OSVDB-95863", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/61964/info" }, { "reference_url": "https://github.com/advisories/GHSA-56p3-rrp4-2j82", "reference_id": "GHSA-56p3-rrp4-2j82", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-56p3-rrp4-2j82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4200", "GHSA-56p3-rrp4-2j82", "PYSEC-2014-64" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4v5e-r5we-tffe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35163?format=api", "vulnerability_id": "VCID-5ry7-xy6b-5fag", "summary": "Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000483.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000483.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.53", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000483" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20171128/sandbox-escape", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20171128/sandbox-escape" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532484", "reference_id": "1532484", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532484" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000483", "reference_id": "CVE-2017-1000483", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000483" }, { "reference_url": "https://github.com/advisories/GHSA-qc57-h2f7-p4hx", "reference_id": "GHSA-qc57-h2f7-p4hx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qc57-h2f7-p4hx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9718?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/10591?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000483", "GHSA-qc57-h2f7-p4hx", "PYSEC-2018-72" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ry7-xy6b-5fag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35042?format=api", "vulnerability_id": "VCID-6568-4ert-1bau", "summary": "Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5524.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39978", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5524" }, { "reference_url": "https://github.com/advisories/GHSA-p5wr-vp8g-q5p4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p5wr-vp8g-q5p4" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/1912", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/1912" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20170117/sandbox-escape", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20170117/sandbox-escape" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/18/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2017/01/18/6" }, { "reference_url": "http://www.securityfocus.com/bid/95679", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/95679" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436640", "reference_id": "1436640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436640" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5524", "reference_id": "CVE-2017-5524", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5524" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9624?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/9625?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/10585?format=api", "purl": "pkg:pypi/plone@5.1b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1b1" } ], "aliases": [ "CVE-2017-5524", "GHSA-p5wr-vp8g-q5p4", "PYSEC-2017-81" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6568-4ert-1bau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35162?format=api", "vulnerability_id": "VCID-69ps-uetw-y3gf", "summary": "A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52443", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000482" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/2232", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/2232" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2233", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2233" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2234", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2234" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2235", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2235" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2236", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2236" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532485", "reference_id": "1532485", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532485" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000482", "reference_id": "CVE-2017-1000482", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000482" }, { "reference_url": "https://github.com/advisories/GHSA-859j-668v-mrr6", "reference_id": "GHSA-859j-668v-mrr6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-859j-668v-mrr6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9718?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/10591?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000482", "GHSA-859j-668v-mrr6", "PYSEC-2018-71" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-69ps-uetw-y3gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35702?format=api", "vulnerability_id": "VCID-8rp3-p3qe-x7ej", "summary": "Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65624", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28736" }, { "reference_url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "reference_url": "https://github.com/advisories/GHSA-2c8c-84w2-j38j", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2c8c-84w2-j38j" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/3209", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml" }, { "reference_url": "https://www.misakikata.com/codes/plone/python-en.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28736", "reference_id": "CVE-2020-28736", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28736" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19507?format=api", "purl": "pkg:pypi/plone@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3" } ], "aliases": [ "CVE-2020-28736", "GHSA-2c8c-84w2-j38j", "PYSEC-2020-248" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8rp3-p3qe-x7ej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34855?format=api", "vulnerability_id": "VCID-9a27-8egg-7uam", "summary": "traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to \"retrieving information for certain resources.\"", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68773", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4188" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978449", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978449" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-52.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-52.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4188", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4188" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4188", "GHSA-w3pw-qxjj-6prr", "PYSEC-2014-52" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9a27-8egg-7uam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34856?format=api", "vulnerability_id": "VCID-9dr2-mexa-qfbn", "summary": "sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44383", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4192" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978464", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978464" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-56.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-56.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4192", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4192" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4192", "GHSA-f5h9-3hpf-9j8m", "PYSEC-2014-56" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dr2-mexa-qfbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34912?format=api", "vulnerability_id": "VCID-9kgy-2mwu-6yhd", "summary": "registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1194", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1194" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5485.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5485.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2012-5485", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2012-5485" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5485", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69808", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5485" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=878934", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878934" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-27.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-27.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5485", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5485" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/01", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/01" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5485", "GHSA-7hxc-mwx7-5hmc", "PYSEC-2014-27" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kgy-2mwu-6yhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34847?format=api", "vulnerability_id": "VCID-9u27-bf7b-x7er", "summary": "typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54393", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4193" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978469", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978469" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-57.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-57.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4193", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4193" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4193", "GHSA-6fgf-x7wg-hp8r", "PYSEC-2014-57" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9u27-bf7b-x7er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35806?format=api", "vulnerability_id": "VCID-ax8a-2g7j-6ya2", "summary": "Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5383", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33513" }, { "reference_url": "https://github.com/advisories/GHSA-fj67-w3m4-rfmp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fj67-w3m4-rfmp" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33513", "reference_id": "CVE-2021-33513", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33513" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22026?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33513", "GHSA-fj67-w3m4-rfmp", "PYSEC-2021-85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax8a-2g7j-6ya2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35798?format=api", "vulnerability_id": "VCID-basq-jjsf-3fbd", "summary": "Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63703", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3313" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3313", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3313" }, { "reference_url": "https://plone.org/download/releases/5.2.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/download/releases/5.2.3" }, { "reference_url": "https://plone.org/security/hotfix/20210518", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518" }, { "reference_url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html" }, { "reference_url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname" }, { "reference_url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21990?format=api", "purl": "pkg:pypi/plone@5.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4" } ], "aliases": [ "CVE-2021-3313", "GHSA-hprr-4vfq-fcxw", "PYSEC-2021-78" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-basq-jjsf-3fbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34908?format=api", "vulnerability_id": "VCID-chqa-wbu7-eyak", "summary": "queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1194", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1194" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5498.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01001", "scoring_system": "epss", "scoring_elements": "0.77348", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5498" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874665", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874665" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-40.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-40.yaml" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/14" }, { "reference_url": "https://web.archive.org/web/20130528001715/https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130528001715/https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://web.archive.org/web/20131103191705/https://plone.org/products/plone/security/advisories/20121106/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131103191705/https://plone.org/products/plone/security/advisories/20121106/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/09/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/09/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2012-5498", "reference_id": "CVE-2012-5498", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2012-5498" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5498", "reference_id": "CVE-2012-5498", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5498" }, { "reference_url": "https://github.com/advisories/GHSA-97rj-p794-wq6m", "reference_id": "GHSA-97rj-p794-wq6m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-97rj-p794-wq6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5498", "GHSA-97rj-p794-wq6m", "PYSEC-2014-40" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chqa-wbu7-eyak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35117?format=api", "vulnerability_id": "VCID-cpwq-sq8b-4yhf", "summary": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.", "references": [ { "reference_url": "http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt" }, { "reference_url": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56359", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7293" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-51.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-51.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7293", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7293" }, { "reference_url": "https://plone.org/security/hotfix/20151006", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20151006" }, { "reference_url": "https://pypi.python.org/pypi/plone4.csrffixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.python.org/pypi/plone4.csrffixes" }, { "reference_url": "https://www.exploit-db.com/exploits/38411", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/38411" }, { "reference_url": "https://www.exploit-db.com/exploits/38411/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/38411/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38411.txt", "reference_id": "CVE-2015-7293;OSVDB-128533;OSVDB-128532", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38411.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9723?format=api", "purl": "pkg:pypi/plone@5.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0a1" } ], "aliases": [ "CVE-2015-7293", "GHSA-p3qm-44cf-f8qx", "PYSEC-2017-51" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwq-sq8b-4yhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35801?format=api", "vulnerability_id": "VCID-d42u-s7za-a3ad", "summary": "Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51238", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33511" }, { "reference_url": "https://github.com/advisories/GHSA-gc9g-67cq-p7v4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc9g-67cq-p7v4" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33511", "reference_id": "CVE-2021-33511", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33511" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22026?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33511", "GHSA-gc9g-67cq-p7v4", "PYSEC-2021-83" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d42u-s7za-a3ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37966?format=api", "vulnerability_id": "VCID-d6hq-qfek-1bgu", "summary": "User information disclosure\nA vulnerability allows unauthorized disclosure of registered user information.", "references": [ { "reference_url": "https://plone.org/products/plone/security/advisories/20151208-announcement", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/products/plone/security/advisories/20151208-announcement" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9613?format=api", "purl": "pkg:pypi/plone@4.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/9618?format=api", "purl": "pkg:pypi/plone@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.1" } ], "aliases": [ "GMS-2015-51" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6hq-qfek-1bgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35161?format=api", "vulnerability_id": "VCID-dg61-tw4u-dbcc", "summary": "When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41459", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000481" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/2232", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/2232" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2233", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2233" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2234", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2234" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2235", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2235" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2236", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2236" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532489", "reference_id": "1532489", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532489" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000481", "reference_id": "CVE-2017-1000481", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000481" }, { "reference_url": "https://github.com/advisories/GHSA-8g72-gq68-6gqh", "reference_id": "GHSA-8g72-gq68-6gqh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8g72-gq68-6gqh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9718?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/10591?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000481", "GHSA-8g72-gq68-6gqh", "PYSEC-2018-70" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dg61-tw4u-dbcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34919?format=api", "vulnerability_id": "VCID-dxqw-uf6r-vbbh", "summary": "at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5501.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5501.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55245", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5501" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-43.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-43.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5501", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5501" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/17" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874162", "reference_id": "874162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5501", "GHSA-pvhv-qwc8-r2pg", "PYSEC-2014-43" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dxqw-uf6r-vbbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35164?format=api", "vulnerability_id": "VCID-edq7-7ncc-mbfx", "summary": "By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000484.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000484.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41459", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000484" }, { "reference_url": "https://github.com/advisories/GHSA-xvwv-6wvx-px9x", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvwv-6wvx-px9x" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/2232", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/2232" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532487", "reference_id": "1532487", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532487" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000484", "reference_id": "CVE-2017-1000484", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000484" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9718?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/10591?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000484", "GHSA-xvwv-6wvx-px9x", "PYSEC-2018-73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edq7-7ncc-mbfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34906?format=api", "vulnerability_id": "VCID-eg2r-ez9f-hkak", "summary": "Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to \"{u,}translate.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5494.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5494.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52191", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5494" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-36.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-36.yaml" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874703", "reference_id": "874703", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874703" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5494", "reference_id": "CVE-2012-5494", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5494" }, { "reference_url": "https://github.com/advisories/GHSA-3g6w-4m7x-97v6", "reference_id": "GHSA-3g6w-4m7x-97v6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3g6w-4m7x-97v6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5494", "GHSA-3g6w-4m7x-97v6", "PYSEC-2014-36" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eg2r-ez9f-hkak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35800?format=api", "vulnerability_id": "VCID-eu4z-htaq-c3d6", "summary": "Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30484", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33510" }, { "reference_url": "https://github.com/advisories/GHSA-4mg4-wvmx-5332", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4mg4-wvmx-5332" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33510", "reference_id": "CVE-2021-33510", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33510" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22026?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33510", "GHSA-4mg4-wvmx-5332", "PYSEC-2021-82" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eu4z-htaq-c3d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35701?format=api", "vulnerability_id": "VCID-exan-4j3e-2qeh", "summary": "Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65624", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28734" }, { "reference_url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "reference_url": "https://github.com/advisories/GHSA-wq6x-g685-w5f2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq6x-g685-w5f2" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/3209", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml" }, { "reference_url": "https://www.misakikata.com/codes/plone/python-en.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28734", "reference_id": "CVE-2020-28734", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28734" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19507?format=api", "purl": "pkg:pypi/plone@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3" } ], "aliases": [ "CVE-2020-28734", "GHSA-wq6x-g685-w5f2", "PYSEC-2020-246" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-exan-4j3e-2qeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35700?format=api", "vulnerability_id": "VCID-fdpc-runu-ekah", "summary": "Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65624", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28735" }, { "reference_url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "reference_url": "https://github.com/advisories/GHSA-x7wf-5mjc-6x76", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x7wf-5mjc-6x76" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/3209", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml" }, { "reference_url": "https://www.misakikata.com/codes/plone/python-en.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28735", "reference_id": "CVE-2020-28735", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28735" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19507?format=api", "purl": "pkg:pypi/plone@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3" } ], "aliases": [ "CVE-2020-28735", "GHSA-x7wf-5mjc-6x76", "PYSEC-2020-247" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdpc-runu-ekah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34910?format=api", "vulnerability_id": "VCID-g2ap-vh6r-yqds", "summary": "AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5507.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5507.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5507", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51271", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5507" }, { "reference_url": "https://bugs.launchpad.net/zope2/+bug/1071067", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "reference_url": "https://github.com/advisories/GHSA-3qpr-7rmg-73v8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3qpr-7rmg-73v8" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-49.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-49.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-75.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-75.yaml" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/23" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874110", "reference_id": "874110", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874110" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5507", "reference_id": "CVE-2012-5507", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5507" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5507", "GHSA-3qpr-7rmg-73v8", "PYSEC-2014-49", "PYSEC-2014-75" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2ap-vh6r-yqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34920?format=api", "vulnerability_id": "VCID-g6ky-pfur-7kfg", "summary": "Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5504.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52191", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5504" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-46.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-46.yaml" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/20", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/20" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874219", "reference_id": "874219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874219" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5504", "reference_id": "CVE-2012-5504", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5504" }, { "reference_url": "https://github.com/advisories/GHSA-5whw-5cmm-9jw4", "reference_id": "GHSA-5whw-5cmm-9jw4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5whw-5cmm-9jw4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5504", "GHSA-5whw-5cmm-9jw4", "PYSEC-2014-46" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6ky-pfur-7kfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34914?format=api", "vulnerability_id": "VCID-gdtw-2d1s-2bbw", "summary": "Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5490.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5490.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52191", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5490" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-32.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-32.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5490", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5490" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/06", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/06" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=878968", "reference_id": "878968", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878968" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5490", "GHSA-q46g-v7r4-9vhr", "PYSEC-2014-32" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdtw-2d1s-2bbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34909?format=api", "vulnerability_id": "VCID-h8ur-tnzd-afay", "summary": "atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5505.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55245", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5505" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-47.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-47.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5505", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5505" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/21" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874214", "reference_id": "874214", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874214" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5505", "GHSA-cq5g-924m-7fxh", "PYSEC-2014-47" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8ur-tnzd-afay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34915?format=api", "vulnerability_id": "VCID-hb93-ea78-8ygv", "summary": "gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5493.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5493.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61636", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5493" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-35.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-35.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5493", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5493" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/09", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/09" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874704", "reference_id": "874704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874704" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5493", "GHSA-25jh-5h5r-h33m", "PYSEC-2014-35" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "8.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hb93-ea78-8ygv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35022?format=api", "vulnerability_id": "VCID-hhux-xufk-ube2", "summary": "Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53517", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7147" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-64.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-64.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7147", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7147" }, { "reference_url": "https://plone.org/security/hotfix/20170117", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20170117" }, { "reference_url": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2" }, { "reference_url": "https://web.archive.org/web/20170214002551/http://www.securityfocus.com/bid/96117", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170214002551/http://www.securityfocus.com/bid/96117" }, { "reference_url": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html" }, { "reference_url": "http://www.curesec.com/blog/article/blog/Plone-XSS-186.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.curesec.com/blog/article/blog/Plone-XSS-186.html" }, { "reference_url": "http://www.securityfocus.com/bid/96117", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96117" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9624?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/9625?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7147", "GHSA-84jm-cpc5-c7g7", "PYSEC-2017-64" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhux-xufk-ube2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34849?format=api", "vulnerability_id": "VCID-hygx-6n52-u7fz", "summary": "mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54062", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4198" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978480", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978480" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-62.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-62.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4198", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4198" }, { "reference_url": "https://pypi.org/project/Products.PloneHotfix20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Products.PloneHotfix20130618" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4198", "GHSA-qjxf-6pr8-j87v", "PYSEC-2014-62" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hygx-6n52-u7fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34722?format=api", "vulnerability_id": "VCID-jhw6-wxz2-qbgd", "summary": "Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.", "references": [ { "reference_url": "http://osvdb.org/70753", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/70753" }, { "reference_url": "http://plone.org/products/plone/security/advisories/cve-2011-0720", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/cve-2011-0720" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0720.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0720.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01407", "scoring_system": "epss", "scoring_elements": "0.8082", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0720" }, { "reference_url": "http://secunia.com/advisories/43146", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43146" }, { "reference_url": "http://secunia.com/advisories/43914", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43914" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65099", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65099" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-13.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-13.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0720", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0720" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/CVE-2011-0720/logchecker.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/CVE-2011-0720/logchecker.py" }, { "reference_url": "https://seclists.org/fulldisclosure/2011/Apr/293", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/fulldisclosure/2011/Apr/293" }, { "reference_url": "https://web.archive.org/web/20110505051314/http://secunia.com/advisories/43914", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20110505051314/http://secunia.com/advisories/43914" }, { "reference_url": "https://web.archive.org/web/20110826134658/http://secunia.com/advisories/43146", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20110826134658/http://secunia.com/advisories/43146" }, { "reference_url": "https://web.archive.org/web/20200229153953/http://www.securityfocus.com/bid/46102", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229153953/http://www.securityfocus.com/bid/46102" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0393.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0393.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0394.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0394.html" }, { "reference_url": "http://www.securityfocus.com/bid/46102", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46102" }, { "reference_url": "http://www.securitytracker.com/id?1025258", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025258" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0796", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0796" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=676961", "reference_id": "676961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0393", "reference_id": "RHSA-2011:0393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0393" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0394", "reference_id": "RHSA-2011:0394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0394" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7114?format=api", "purl": "pkg:pypi/plone@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7131?format=api", "purl": "pkg:pypi/plone@4.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.4" } ], "aliases": [ "CVE-2011-0720", "GHSA-3v28-9jjp-4g5w", "PYSEC-2011-13" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhw6-wxz2-qbgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34732?format=api", "vulnerability_id": "VCID-jvwn-yw13-gfe9", "summary": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.", "references": [ { "reference_url": "http://osvdb.org/72729", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/72729" }, { "reference_url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1950.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00762", "scoring_system": "epss", "scoring_elements": "0.73724", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1950" }, { "reference_url": "http://secunia.com/advisories/44775", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44775" }, { "reference_url": "http://securityreason.com/securityalert/8269", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/8269" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695" }, { "reference_url": "https://github.com/advisories/GHSA-2qx8-589j-gcpx", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qx8-589j-gcpx" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yaml" }, { "reference_url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/48005", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/48005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=711496", "reference_id": "711496", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=711496" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1950", "reference_id": "CVE-2011-1950", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1950" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7133?format=api", "purl": "pkg:pypi/plone@4.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" } ], "aliases": [ "CVE-2011-1950", "GHSA-2qx8-589j-gcpx", "PYSEC-2011-16" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvwn-yw13-gfe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34935?format=api", "vulnerability_id": "VCID-khhr-m295-23gs", "summary": "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61191", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6661" }, { "reference_url": "https://bugs.launchpad.net/zope2/+bug/1071067", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "reference_url": "https://github.com/advisories/GHSA-48vv-2pmq-9fvv", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-48vv-2pmq-9fvv" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-51.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-51.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-76.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-76.yaml" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121124", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/24" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874108", "reference_id": "874108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874108" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6661", "reference_id": "CVE-2012-6661", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-6661", "GHSA-48vv-2pmq-9fvv", "PYSEC-2014-51", "PYSEC-2014-76" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khhr-m295-23gs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34933?format=api", "vulnerability_id": "VCID-khsn-43tn-37bx", "summary": "The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1194", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1194" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5500.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5500.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2012-5500", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2012-5500" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57197", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5500" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874649", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874649" }, { "reference_url": "https://github.com/plone/plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-42.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-42.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5500", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5500" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/16" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5500", "GHSA-2q75-f7cp-w86q", "PYSEC-2014-42" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khsn-43tn-37bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34913?format=api", "vulnerability_id": "VCID-krfw-xa2b-vue5", "summary": "ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1194", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1194" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5486.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5486.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5486", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74758", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5486" }, { "reference_url": "https://bugs.launchpad.net/zope2/+bug/930812", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/zope2/+bug/930812" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=878939", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878939" }, { "reference_url": "https://github.com/advisories/GHSA-77hv-8796-8ccp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77hv-8796-8ccp" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-28.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-28.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-73.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-73.yaml" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/02", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/02" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2012-5486", "reference_id": "CVE-2012-5486", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2012-5486" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5486", "reference_id": "CVE-2012-5486", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5486" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5486", "GHSA-77hv-8796-8ccp", "PYSEC-2014-28", "PYSEC-2014-73" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krfw-xa2b-vue5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34903?format=api", "vulnerability_id": "VCID-kz14-79we-xbfe", "summary": "uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5492.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5492.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55245", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5492" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-34.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-34.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5492", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5492" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/08", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/08" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874717", "reference_id": "874717", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874717" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5492", "GHSA-6w93-4c4p-xv2x", "PYSEC-2014-34" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kz14-79we-xbfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34907?format=api", "vulnerability_id": "VCID-mt5t-3gsw-7fde", "summary": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to \"go_back.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5495.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5495.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70873", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5495" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-37.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-37.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5495", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5495" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874699", "reference_id": "874699", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874699" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5495", "GHSA-w6pw-5gh5-4952", "PYSEC-2014-37" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt5t-3gsw-7fde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34873?format=api", "vulnerability_id": "VCID-n4nh-4rq4-r7hx", "summary": "Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7060.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.64156", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7060" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-65.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-65.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-67.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-67.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7060", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7060" }, { "reference_url": "https://plone.org/security/20131210/path-leak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/20131210/path-leak" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/10/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/12/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040378", "reference_id": "1040378", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8152?format=api", "purl": "pkg:pypi/plone@4.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.3" } ], "aliases": [ "CVE-2013-7060", "GHSA-rg52-j87w-pf83", "PYSEC-2014-65", "PYSEC-2014-67" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4nh-4rq4-r7hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34843?format=api", "vulnerability_id": "VCID-nrxp-p6rx-8kdd", "summary": "Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52191", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4195" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4195", "reference_id": "CVE-2013-4195", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4195" }, { "reference_url": "https://github.com/advisories/GHSA-j67j-8hrp-76xm", "reference_id": "GHSA-j67j-8hrp-76xm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j67j-8hrp-76xm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4195", "GHSA-j67j-8hrp-76xm", "PYSEC-2014-59" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrxp-p6rx-8kdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35805?format=api", "vulnerability_id": "VCID-p71t-er3d-9fdn", "summary": "Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5383", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33512" }, { "reference_url": "https://github.com/advisories/GHSA-hm2h-f456-6j88", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hm2h-f456-6j88" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33512", "reference_id": "CVE-2021-33512", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33512" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22026?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33512", "GHSA-hm2h-f456-6j88", "PYSEC-2021-84" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p71t-er3d-9fdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34923?format=api", "vulnerability_id": "VCID-pb2y-jwn1-wbck", "summary": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1194", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1194" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5488.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5488.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2012-5488", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2012-5488" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5488", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70938", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5488" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=878945", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878945" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/a9479a5b38646fe0b0a9066ee46de9c18de32bfa", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/a9479a5b38646fe0b0a9066ee46de9c18de32bfa" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/c3a98f4e6cf26501485de9c8354c49afdea21df8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/c3a98f4e6cf26501485de9c8354c49afdea21df8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-30.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-30.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5488", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5488" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/04", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/04" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5488", "GHSA-cxw7-85xm-3xrc", "PYSEC-2014-30" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pb2y-jwn1-wbck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34922?format=api", "vulnerability_id": "VCID-pgrv-sncf-cqca", "summary": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5506.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69934", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5506" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-48.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-48.yaml" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/22", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/22" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874115", "reference_id": "874115", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874115" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5506", "reference_id": "CVE-2012-5506", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5506" }, { "reference_url": "https://github.com/advisories/GHSA-79hj-474h-v4xv", "reference_id": "GHSA-79hj-474h-v4xv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-79hj-474h-v4xv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5506", "GHSA-79hj-474h-v4xv", "PYSEC-2014-48" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgrv-sncf-cqca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35030?format=api", "vulnerability_id": "VCID-pzke-4by2-w3hk", "summary": "Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4042", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45909", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4042" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4042", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4042" }, { "reference_url": "https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/04/20/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9615?format=api", "purl": "pkg:pypi/plone@4.3.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/9622?format=api", "purl": "pkg:pypi/plone@5.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/9714?format=api", "purl": "pkg:pypi/plone@5.1a2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2" } ], "aliases": [ "CVE-2016-4042", "GHSA-v4vj-49m5-wjhw", "PYSEC-2017-56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pzke-4by2-w3hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35804?format=api", "vulnerability_id": "VCID-q7nt-b3s9-9kf6", "summary": "Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33507", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52244", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33507" }, { "reference_url": "https://github.com/advisories/GHSA-35rg-466w-77h3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-35rg-466w-77h3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33507", "reference_id": "CVE-2021-33507", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33507" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22026?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33507", "GHSA-35rg-466w-77h3", "PYSEC-2021-79" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q7nt-b3s9-9kf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35802?format=api", "vulnerability_id": "VCID-r52t-hx1j-ufa1", "summary": "Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50859", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33508" }, { "reference_url": "https://github.com/advisories/GHSA-rmpv-rcp6-v8wc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmpv-rcp6-v8wc" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33508", "reference_id": "CVE-2021-33508", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33508" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22026?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33508", "GHSA-rmpv-rcp6-v8wc", "PYSEC-2021-80" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r52t-hx1j-ufa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34845?format=api", "vulnerability_id": "VCID-s84e-bb7w-5qht", "summary": "member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.66242", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978478", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978478" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-61.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-61.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4197", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4197" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4197", "GHSA-jjvw-3h9j-p7jf", "PYSEC-2014-61" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s84e-bb7w-5qht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34844?format=api", "vulnerability_id": "VCID-shjb-m9k6-uuf1", "summary": "(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65442", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4199" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978482", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978482" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4199", "reference_id": "CVE-2013-4199", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4199" }, { "reference_url": "https://github.com/advisories/GHSA-xfjq-9rxq-ph6m", "reference_id": "GHSA-xfjq-9rxq-ph6m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xfjq-9rxq-ph6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4199", "GHSA-xfjq-9rxq-ph6m", "PYSEC-2014-63" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shjb-m9k6-uuf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34911?format=api", "vulnerability_id": "VCID-svbc-dj3m-t7av", "summary": "membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1194", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1194" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5497.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5497.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2012-5497", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2012-5497" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63202", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5497" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874681", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874681" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/a9479a5b38646fe0b0a9066ee46de9c18de32bfa", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/a9479a5b38646fe0b0a9066ee46de9c18de32bfa" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/c3a98f4e6cf26501485de9c8354c49afdea21df8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/c3a98f4e6cf26501485de9c8354c49afdea21df8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-39.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-39.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5497", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5497" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/13" }, { "reference_url": "https://web.archive.org/web/20131103175056/https://plone.org/products/plone/security/advisories/20121106/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131103175056/https://plone.org/products/plone/security/advisories/20121106/13" }, { "reference_url": "https://web.archive.org/web/20131114082527/https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131114082527/https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5497", "GHSA-683w-84m7-p8pw", "PYSEC-2014-39" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svbc-dj3m-t7av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34934?format=api", "vulnerability_id": "VCID-tc7w-wttv-vfed", "summary": "The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5508.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5508.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58243", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5508" }, { "reference_url": "https://bugs.launchpad.net/zope2/+bug/1071067", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-50.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-50.yaml" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121124", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/24" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874108", "reference_id": "874108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874108" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5508", "reference_id": "CVE-2012-5508", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5508" }, { "reference_url": "https://github.com/advisories/GHSA-wprr-mc54-c62q", "reference_id": "GHSA-wprr-mc54-c62q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wprr-mc54-c62q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5508", "GHSA-wprr-mc54-c62q", "PYSEC-2014-50" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc7w-wttv-vfed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34852?format=api", "vulnerability_id": "VCID-ud5f-7gx8-83d6", "summary": "The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55245", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978475", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978475" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4196", "reference_id": "CVE-2013-4196", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4196" }, { "reference_url": "https://github.com/advisories/GHSA-qphh-5fv5-2mjj", "reference_id": "GHSA-qphh-5fv5-2mjj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qphh-5fv5-2mjj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4196", "GHSA-qphh-5fv5-2mjj", "PYSEC-2014-60" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ud5f-7gx8-83d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34734?format=api", "vulnerability_id": "VCID-uqe7-n3uh-zfac", "summary": "Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.", "references": [ { "reference_url": "http://osvdb.org/72727", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/72727" }, { "reference_url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0151", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:0151" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1948.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1948.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67536", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1948" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=711494", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=711494" }, { "reference_url": "http://secunia.com/advisories/44775", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44775" }, { "reference_url": "http://secunia.com/advisories/44776", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44776" }, { "reference_url": "http://securityreason.com/securityalert/8269", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/8269" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67693", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67693" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-14.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-14.yaml" }, { "reference_url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/48005", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/48005" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2011-1948", "reference_id": "CVE-2011-1948", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2011-1948" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1948", "reference_id": "CVE-2011-1948", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1948" }, { "reference_url": "https://github.com/advisories/GHSA-p7h9-vf92-5fj5", "reference_id": "GHSA-p7h9-vf92-5fj5", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p7h9-vf92-5fj5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" } ], "aliases": [ "CVE-2011-1948", "GHSA-p7h9-vf92-5fj5", "PYSEC-2011-14" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqe7-n3uh-zfac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34916?format=api", "vulnerability_id": "VCID-uykg-p1e9-mfd8", "summary": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1194", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1194" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5499.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5499.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2012-5499", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2012-5499" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75854", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5499" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874657", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874657" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-41.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-41.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5499", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5499" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/15" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5499", "GHSA-wrf2-2rch-cmr9", "PYSEC-2014-41" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uykg-p1e9-mfd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34921?format=api", "vulnerability_id": "VCID-vr9k-9xch-4yc7", "summary": "ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5503.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5503.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55245", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5503" }, { "reference_url": "https://github.com/advisories/GHSA-prr5-pfr8-q9f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-prr5-pfr8-q9f3" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-45.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-45.yaml" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/19" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874150", "reference_id": "874150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874150" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5503", "reference_id": "CVE-2012-5503", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5503", "GHSA-prr5-pfr8-q9f3", "PYSEC-2014-45" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vr9k-9xch-4yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34872?format=api", "vulnerability_id": "VCID-w2mv-zekv-8fcv", "summary": "Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7061.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.4945", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7061" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/a6a3e50f759da7e7ca46e50777a35e51f4d8ed48", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/a6a3e50f759da7e7ca46e50777a35e51f4d8ed48" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-66.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-66.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-68.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-68.yaml" }, { "reference_url": "https://plone.org/security/20131210/catalogue-exposure", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/20131210/catalogue-exposure" }, { "reference_url": "https://pypi.org/project/Products.PloneHotfix20131210", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Products.PloneHotfix20131210" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/10/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/12/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040379", "reference_id": "1040379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040379" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7061", "reference_id": "CVE-2013-7061", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7061" }, { "reference_url": "https://github.com/advisories/GHSA-4vr8-r7qr-fpvq", "reference_id": "GHSA-4vr8-r7qr-fpvq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4vr8-r7qr-fpvq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8152?format=api", "purl": "pkg:pypi/plone@4.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.3" } ], "aliases": [ "CVE-2013-7061", "GHSA-4vr8-r7qr-fpvq", "PYSEC-2014-66", "PYSEC-2014-68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2mv-zekv-8fcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35803?format=api", "vulnerability_id": "VCID-x2xm-hpc2-uubq", "summary": "Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00846", "scoring_system": "epss", "scoring_elements": "0.75182", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33509" }, { "reference_url": "https://github.com/advisories/GHSA-hm2p-fhwx-9285", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hm2p-fhwx-9285" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33509", "reference_id": "CVE-2021-33509", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33509" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22026?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33509", "GHSA-hm2p-fhwx-9285", "PYSEC-2021-81" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2xm-hpc2-uubq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34905?format=api", "vulnerability_id": "VCID-x6y6-xx1a-7kfd", "summary": "Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5502.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35497", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5502" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-44.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-44.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5502", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5502" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/18" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874643", "reference_id": "874643", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874643" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5502", "GHSA-hr59-35cr-qf43", "PYSEC-2014-44" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6y6-xx1a-7kfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34853?format=api", "vulnerability_id": "VCID-x8n5-qj35-eqb1", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49148", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4190" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978451", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978451" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-54.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-54.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4190", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4190", "GHSA-89rq-27xp-vgv7", "PYSEC-2014-54" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8n5-qj35-eqb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34917?format=api", "vulnerability_id": "VCID-xpq8-npn5-kyb9", "summary": "z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5491.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55245", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5491" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-33.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-33.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5491", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5491" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/07", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/07" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=874131", "reference_id": "874131", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874131" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5491", "GHSA-f8pg-wp5j-rjxx", "PYSEC-2014-33" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpq8-npn5-kyb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35034?format=api", "vulnerability_id": "VCID-yfkz-3xu3-vyc9", "summary": "Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7139.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7139.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7139", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00491", "scoring_system": "epss", "scoring_elements": "0.65955", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7139" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-62.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-62.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone" }, { "reference_url": "https://web.archive.org/web/20201207134910/http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207134910/http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373464", "reference_id": "1373464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373464" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7139", "reference_id": "CVE-2016-7139", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7139" }, { "reference_url": "https://github.com/advisories/GHSA-pp4c-2692-7f37", "reference_id": "GHSA-pp4c-2692-7f37", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pp4c-2692-7f37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9624?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/9623?format=api", "purl": "pkg:pypi/plone@5.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/9625?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7139", "GHSA-pp4c-2692-7f37", "PYSEC-2017-62" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfkz-3xu3-vyc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34745?format=api", "vulnerability_id": "VCID-yhzr-hb68-cfd6", "summary": "Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4462.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00925", "scoring_system": "epss", "scoring_elements": "0.76405", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4462" }, { "reference_url": "http://secunia.com/advisories/47406", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/47406" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72018", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72018" }, { "reference_url": "https://github.com/advisories/GHSA-pcwm-8jc3-qxvj", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcwm-8jc3-qxvj" }, { "reference_url": "https://github.com/plone/plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-22.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-22.yaml" }, { "reference_url": "http://www.kb.cert.org/vuls/id/903934", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "reference_url": "http://www.nruns.com/_downloads/advisory28122011.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=781683", "reference_id": "781683", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=781683" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4462", "reference_id": "CVE-2011-4462", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4462" }, { "reference_url": "http://www.ocert.org/advisories/ocert-2011-003.html", "reference_id": "CVE-2011-4885;OSVDB-78115", "reference_type": "exploit", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ocert.org/advisories/ocert-2011-003.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7180?format=api", "purl": "pkg:pypi/plone@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.4" } ], "aliases": [ "CVE-2011-4462", "GHSA-pcwm-8jc3-qxvj", "PYSEC-2011-22" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhzr-hb68-cfd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34854?format=api", "vulnerability_id": "VCID-ykmg-jcfe-8qf4", "summary": "Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.66242", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4189" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978450", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978450" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-53.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-53.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4189", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4189" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4189", "GHSA-pwpq-632g-h49g", "PYSEC-2014-53" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykmg-jcfe-8qf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34850?format=api", "vulnerability_id": "VCID-yuph-y2fa-3uaa", "summary": "The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55245", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4194" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978470", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978470" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4194", "reference_id": "CVE-2013-4194", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4194" }, { "reference_url": "https://github.com/advisories/GHSA-mm32-jw73-9227", "reference_id": "GHSA-mm32-jw73-9227", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mm32-jw73-9227" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4194", "GHSA-mm32-jw73-9227", "PYSEC-2014-58" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuph-y2fa-3uaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34904?format=api", "vulnerability_id": "VCID-zd73-fvwg-nbgx", "summary": "The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5487.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5487.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5487", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71409", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5487" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-29.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-29.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5487", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5487" }, { "reference_url": "https://plone.org/products/plone-hotfix/releases/20121106", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "reference_url": "https://plone.org/products/plone/security/advisories/20121106/03", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/products/plone/security/advisories/20121106/03" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=878941", "reference_id": "878941", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878941" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7895?format=api", "purl": "pkg:pypi/plone@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/8149?format=api", "purl": "pkg:pypi/plone@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1" } ], "aliases": [ "CVE-2012-5487", "GHSA-9m4g-f42q-vrrh", "PYSEC-2014-29" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "8.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd73-fvwg-nbgx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35037?format=api", "vulnerability_id": "VCID-5n6e-cha8-nyb8", "summary": "Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7138.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00491", "scoring_system": "epss", "scoring_elements": "0.65955", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7138" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-61.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-61.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1" }, { "reference_url": "https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373442", "reference_id": "1373442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373442" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7138", "reference_id": "CVE-2016-7138", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7138" }, { "reference_url": "https://github.com/advisories/GHSA-v3hp-f8qr-cf3p", "reference_id": "GHSA-v3hp-f8qr-cf3p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v3hp-f8qr-cf3p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7102?format=api", "purl": "pkg:pypi/plone@4.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jhw6-wxz2-qbgd" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9624?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/9625?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7138", "GHSA-v3hp-f8qr-cf3p", "PYSEC-2017-61" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5n6e-cha8-nyb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35033?format=api", "vulnerability_id": "VCID-ay85-551m-vfej", "summary": "Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7137.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7137.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7137", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00477", "scoring_system": "epss", "scoring_elements": "0.65251", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7137" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-60.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-60.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone" }, { "reference_url": "https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373440", "reference_id": "1373440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373440" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7137", "reference_id": "CVE-2016-7137", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7137" }, { "reference_url": "https://github.com/advisories/GHSA-69vh-662j-v988", "reference_id": "GHSA-69vh-662j-v988", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-69vh-662j-v988" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7102?format=api", "purl": "pkg:pypi/plone@4.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jhw6-wxz2-qbgd" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9624?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/9625?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7137", "GHSA-69vh-662j-v988", "PYSEC-2017-60" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ay85-551m-vfej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35115?format=api", "vulnerability_id": "VCID-fqcf-4say-h7g8", "summary": "Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7318.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7318.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62908", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7318" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264796" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-54.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-54.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7318", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7318" }, { "reference_url": "https://plone.org/security/hotfix/20150910", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20150910" }, { "reference_url": "https://plone.org/security/hotfix/20150910/header-injection", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20150910/header-injection" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/22/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/16" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7102?format=api", "purl": "pkg:pypi/plone@4.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jhw6-wxz2-qbgd" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1" } ], "aliases": [ "CVE-2015-7318", "GHSA-fq9r-8jpm-2222", "PYSEC-2017-54" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqcf-4say-h7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35116?format=api", "vulnerability_id": "VCID-h4kd-eh8g-gude", "summary": "Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0051", "scoring_system": "epss", "scoring_elements": "0.66767", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7316" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7316" }, { "reference_url": "https://plone.org/security/20150910/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20150910/" }, { "reference_url": "https://plone.org/security/20150910/non-persistent-xss-in-plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20150910/non-persistent-xss-in-plone" }, { "reference_url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone" }, { "reference_url": "https://pypi.org/project/Products.PloneHotfix20150910", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Products.PloneHotfix20150910" }, { "reference_url": "https://pypi.python.org/pypi/Products.PloneHotfix20150910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.python.org/pypi/Products.PloneHotfix20150910" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/154250?format=api", "purl": "pkg:pypi/plone@3.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/7102?format=api", "purl": "pkg:pypi/plone@4.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jhw6-wxz2-qbgd" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/154251?format=api", "purl": "pkg:pypi/plone@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/7138?format=api", "purl": "pkg:pypi/plone@4.1a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/154252?format=api", "purl": "pkg:pypi/plone@4.1.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/8140?format=api", "purl": "pkg:pypi/plone@4.2a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-b2az-q6wv-eyhw" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/154254?format=api", "purl": "pkg:pypi/plone@4.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/8147?format=api", "purl": "pkg:pypi/plone@4.3a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9612?format=api", "purl": "pkg:pypi/plone@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/9708?format=api", "purl": "pkg:pypi/plone@5.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2" } ], "aliases": [ "CVE-2015-7316", "GHSA-vf8g-m3vq-6p4p", "PYSEC-2017-53" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4kd-eh8g-gude" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35472?format=api", "vulnerability_id": "VCID-vgga-a2ga-t3hw", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.7377", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7062" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/467", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/467" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/485", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/485" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-218.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-218.yaml" }, { "reference_url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager" }, { "reference_url": "https://plone.org/security/20131210/zope-xss-in-OFS", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/20131210/zope-xss-in-OFS" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040392", "reference_id": "1040392", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040392" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7062", "reference_id": "CVE-2013-7062", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7062" }, { "reference_url": "https://github.com/advisories/GHSA-4793-w44w-m7xm", "reference_id": "GHSA-4793-w44w-m7xm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4793-w44w-m7xm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7101?format=api", "purl": "pkg:pypi/plone@3.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-fqcf-4say-h7g8" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jhw6-wxz2-qbgd" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7102?format=api", "purl": "pkg:pypi/plone@4.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jhw6-wxz2-qbgd" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7136?format=api", "purl": "pkg:pypi/plone@4.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/7137?format=api", "purl": "pkg:pypi/plone@4.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/8139?format=api", "purl": "pkg:pypi/plone@4.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/8140?format=api", "purl": "pkg:pypi/plone@4.2a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-b2az-q6wv-eyhw" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/8147?format=api", "purl": "pkg:pypi/plone@4.3a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/8152?format=api", "purl": "pkg:pypi/plone@4.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.3" } ], "aliases": [ "CVE-2013-7062", "GHSA-4793-w44w-m7xm", "PYSEC-2020-218" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgga-a2ga-t3hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35113?format=api", "vulnerability_id": "VCID-wuas-tkd4-rkd4", "summary": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7315.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7315.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.6331", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7315" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml" }, { "reference_url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7315", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7315" }, { "reference_url": "https://plone.org/security/20150910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20150910" }, { "reference_url": "https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members" }, { "reference_url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members" }, { "reference_url": "https://pypi.org/project/Products.PloneHotfix20150910", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Products.PloneHotfix20150910" }, { "reference_url": "https://pypi.python.org/pypi/Products.PloneHotfix20150910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.python.org/pypi/Products.PloneHotfix20150910" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7102?format=api", "purl": "pkg:pypi/plone@4.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jhw6-wxz2-qbgd" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7138?format=api", "purl": "pkg:pypi/plone@4.1a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/8140?format=api", "purl": "pkg:pypi/plone@4.2a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-b2az-q6wv-eyhw" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/8147?format=api", "purl": "pkg:pypi/plone@4.3a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9612?format=api", "purl": "pkg:pypi/plone@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/9708?format=api", "purl": "pkg:pypi/plone@5.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2" } ], "aliases": [ "CVE-2015-7315", "GHSA-984m-rj28-8c6x", "PYSEC-2017-52" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wuas-tkd4-rkd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35034?format=api", "vulnerability_id": "VCID-yfkz-3xu3-vyc9", "summary": "Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7139.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7139.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7139", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00491", "scoring_system": "epss", "scoring_elements": "0.65955", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7139" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-62.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-62.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone" }, { "reference_url": "https://web.archive.org/web/20201207134910/http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207134910/http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373464", "reference_id": "1373464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373464" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7139", "reference_id": "CVE-2016-7139", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7139" }, { "reference_url": "https://github.com/advisories/GHSA-pp4c-2692-7f37", "reference_id": "GHSA-pp4c-2692-7f37", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pp4c-2692-7f37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7102?format=api", "purl": "pkg:pypi/plone@4.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jhw6-wxz2-qbgd" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9624?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/9623?format=api", "purl": "pkg:pypi/plone@5.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/9625?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7139", "GHSA-pp4c-2692-7f37", "PYSEC-2017-62" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfkz-3xu3-vyc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35036?format=api", "vulnerability_id": "VCID-zy2g-gzmk-1qcz", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7140.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7140.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7140", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00491", "scoring_system": "epss", "scoring_elements": "0.65955", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7140" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-63.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-63.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373466", "reference_id": "1373466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373466" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7140", "reference_id": "CVE-2016-7140", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7140" }, { "reference_url": "https://github.com/advisories/GHSA-chvw-gjxf-f8mc", "reference_id": "GHSA-chvw-gjxf-f8mc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-chvw-gjxf-f8mc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7102?format=api", "purl": "pkg:pypi/plone@4.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-3buw-zes9-ukg4" }, { "vulnerability": "VCID-3shf-hh9a-rqdw" }, { "vulnerability": "VCID-4v5e-r5we-tffe" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9a27-8egg-7uam" }, { "vulnerability": "VCID-9dr2-mexa-qfbn" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-9u27-bf7b-x7er" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-d6hq-qfek-1bgu" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-hygx-6n52-u7fz" }, { "vulnerability": "VCID-jhw6-wxz2-qbgd" }, { "vulnerability": "VCID-jvwn-yw13-gfe9" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-nrxp-p6rx-8kdd" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-s84e-bb7w-5qht" }, { "vulnerability": "VCID-shjb-m9k6-uuf1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-ud5f-7gx8-83d6" }, { "vulnerability": "VCID-uqe7-n3uh-zfac" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-x8n5-qj35-eqb1" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-ykmg-jcfe-8qf4" }, { "vulnerability": "VCID-yuph-y2fa-3uaa" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9624?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/9625?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-jvvz-bafs-t7gc" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7140", "GHSA-chvw-gjxf-f8mc", "PYSEC-2017-63" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy2g-gzmk-1qcz" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1" }