| 0 |
| url |
VCID-17w2-gd3m-2qff |
| vulnerability_id |
VCID-17w2-gd3m-2qff |
| summary |
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.12 |
| purl |
pkg:pypi/plone@4.3.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 1 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 2 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 3 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 9 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 10 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 11 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 12 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 13 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 14 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 15 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 16 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 17 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 18 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 19 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 20 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 21 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 22 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.7 |
| purl |
pkg:pypi/plone@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 3 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 4 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 5 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 6 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 7 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 8 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 9 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 10 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 11 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 12 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 13 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 14 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 15 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 16 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 17 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 18 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 19 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 20 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 21 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 22 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 23 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 24 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7 |
|
|
| aliases |
CVE-2016-7136, GHSA-22jm-p2vv-j2hc, PYSEC-2017-59
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-17w2-gd3m-2qff |
|
| 1 |
| url |
VCID-3shf-hh9a-rqdw |
| vulnerability_id |
VCID-3shf-hh9a-rqdw |
| summary |
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4191, GHSA-grwx-4p5v-9g2g, PYSEC-2014-55
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3shf-hh9a-rqdw |
|
| 2 |
| url |
VCID-4v5e-r5we-tffe |
| vulnerability_id |
VCID-4v5e-r5we-tffe |
| summary |
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4200, GHSA-56p3-rrp4-2j82, PYSEC-2014-64
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4v5e-r5we-tffe |
|
| 3 |
| url |
VCID-5n6e-cha8-nyb8 |
| vulnerability_id |
VCID-5n6e-cha8-nyb8 |
| summary |
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
http://www.securityfocus.com/bid/92752 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/92752 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.12 |
| purl |
pkg:pypi/plone@4.3.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 1 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 2 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 3 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 9 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 10 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 11 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 12 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 13 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 14 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 15 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 16 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 17 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 18 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 19 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 20 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 21 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 22 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.7 |
| purl |
pkg:pypi/plone@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 3 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 4 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 5 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 6 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 7 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 8 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 9 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 10 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 11 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 12 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 13 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 14 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 15 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 16 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 17 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 18 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 19 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 20 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 21 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 22 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 23 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 24 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7 |
|
|
| aliases |
CVE-2016-7138, GHSA-v3hp-f8qr-cf3p, PYSEC-2017-61
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5n6e-cha8-nyb8 |
|
| 4 |
| url |
VCID-5ry7-xy6b-5fag |
| vulnerability_id |
VCID-5ry7-xy6b-5fag |
| summary |
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.16 |
| purl |
pkg:pypi/plone@4.3.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 1 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 2 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 3 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 4 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 5 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 6 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 7 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 8 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 15 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 16 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 17 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 18 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 19 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16 |
|
| 1 |
| url |
pkg:pypi/plone@5.1.0 |
| purl |
pkg:pypi/plone@5.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 3 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 15 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 16 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 17 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0 |
|
|
| aliases |
CVE-2017-1000483, GHSA-qc57-h2f7-p4hx, PYSEC-2018-72
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5ry7-xy6b-5fag |
|
| 5 |
| url |
VCID-6568-4ert-1bau |
| vulnerability_id |
VCID-6568-4ert-1bau |
| summary |
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
http://www.securityfocus.com/bid/95679 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/95679 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.12 |
| purl |
pkg:pypi/plone@4.3.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 1 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 2 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 3 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 9 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 10 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 11 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 12 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 13 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 14 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 15 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 16 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 17 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 18 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 19 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 20 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 21 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 22 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.7 |
| purl |
pkg:pypi/plone@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 3 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 4 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 5 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 6 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 7 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 8 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 9 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 10 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 11 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 12 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 13 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 14 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 15 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 16 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 17 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 18 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 19 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 20 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 21 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 22 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 23 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 24 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7 |
|
| 2 |
| url |
pkg:pypi/plone@5.1b1 |
| purl |
pkg:pypi/plone@5.1b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 3 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 4 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 5 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 6 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 7 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 8 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 9 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 10 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 11 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 12 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 13 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 14 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 15 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 16 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 17 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 18 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 19 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 20 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 21 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1b1 |
|
|
| aliases |
CVE-2017-5524, GHSA-p5wr-vp8g-q5p4, PYSEC-2017-81
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6568-4ert-1bau |
|
| 6 |
| url |
VCID-69ps-uetw-y3gf |
| vulnerability_id |
VCID-69ps-uetw-y3gf |
| summary |
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.16 |
| purl |
pkg:pypi/plone@4.3.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 1 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 2 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 3 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 4 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 5 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 6 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 7 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 8 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 15 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 16 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 17 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 18 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 19 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16 |
|
| 1 |
| url |
pkg:pypi/plone@5.1.0 |
| purl |
pkg:pypi/plone@5.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 3 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 15 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 16 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 17 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0 |
|
|
| aliases |
CVE-2017-1000482, GHSA-859j-668v-mrr6, PYSEC-2018-71
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-69ps-uetw-y3gf |
|
| 7 |
| url |
VCID-8rp3-p3qe-x7ej |
| vulnerability_id |
VCID-8rp3-p3qe-x7ej |
| summary |
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.3 |
| purl |
pkg:pypi/plone@5.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 2 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 3 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 4 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 5 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 6 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 7 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 8 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 9 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3 |
|
|
| aliases |
CVE-2020-28736, GHSA-2c8c-84w2-j38j, PYSEC-2020-248
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8rp3-p3qe-x7ej |
|
| 8 |
| url |
VCID-8wkk-84ky-17ak |
| vulnerability_id |
VCID-8wkk-84ky-17ak |
| summary |
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.20 |
| purl |
pkg:pypi/plone@4.3.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1f3t-a46p-13ca |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 3 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 4 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 5 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 6 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 7 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 8 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 9 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 10 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 11 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 12 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 13 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 14 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 15 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 16 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 17 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 18 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 19 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 20 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.20 |
|
| 1 |
| url |
pkg:pypi/plone@5.1.7 |
| purl |
pkg:pypi/plone@5.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 3 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 15 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 16 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 17 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7 |
|
| 2 |
| url |
pkg:pypi/plone@5.2.1 |
| purl |
pkg:pypi/plone@5.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8t99-yuxa-ekhm |
|
| 3 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 15 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 16 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 17 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.1 |
|
| 3 |
| url |
pkg:pypi/plone@5.2.2 |
| purl |
pkg:pypi/plone@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 3 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 4 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 5 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 6 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 7 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 8 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 9 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 10 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 11 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 12 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2 |
|
|
| aliases |
CVE-2020-7940, GHSA-cw58-gpgw-hwx2, PYSEC-2020-89
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8wkk-84ky-17ak |
|
| 9 |
| url |
VCID-9a27-8egg-7uam |
| vulnerability_id |
VCID-9a27-8egg-7uam |
| summary |
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources." |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
5.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
5.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4188, GHSA-w3pw-qxjj-6prr, PYSEC-2014-52
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9a27-8egg-7uam |
|
| 10 |
| url |
VCID-9dr2-mexa-qfbn |
| vulnerability_id |
VCID-9dr2-mexa-qfbn |
| summary |
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4192, GHSA-f5h9-3hpf-9j8m, PYSEC-2014-56
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9dr2-mexa-qfbn |
|
| 11 |
| url |
VCID-9gu8-dgkr-sua3 |
| vulnerability_id |
VCID-9gu8-dgkr-sua3 |
| summary |
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.20 |
| purl |
pkg:pypi/plone@4.3.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1f3t-a46p-13ca |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 3 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 4 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 5 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 6 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 7 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 8 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 9 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 10 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 11 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 12 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 13 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 14 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 15 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 16 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 17 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 18 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 19 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 20 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.20 |
|
| 1 |
| url |
pkg:pypi/plone@5.1.7 |
| purl |
pkg:pypi/plone@5.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 3 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 15 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 16 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 17 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7 |
|
| 2 |
| url |
pkg:pypi/plone@5.2.2 |
| purl |
pkg:pypi/plone@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 3 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 4 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 5 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 6 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 7 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 8 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 9 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 10 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 11 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 12 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2 |
|
|
| aliases |
CVE-2020-7936, GHSA-82j9-wfcf-9v2h, PYSEC-2020-85
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9gu8-dgkr-sua3 |
|
| 12 |
| url |
VCID-9u27-bf7b-x7er |
| vulnerability_id |
VCID-9u27-bf7b-x7er |
| summary |
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4193, GHSA-6fgf-x7wg-hp8r, PYSEC-2014-57
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9u27-bf7b-x7er |
|
| 13 |
| url |
VCID-ax8a-2g7j-6ya2 |
| vulnerability_id |
VCID-ax8a-2g7j-6ya2 |
| summary |
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33513, GHSA-fj67-w3m4-rfmp, PYSEC-2021-85
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ax8a-2g7j-6ya2 |
|
| 14 |
| url |
VCID-ay85-551m-vfej |
| vulnerability_id |
VCID-ay85-551m-vfej |
| summary |
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
http://www.securityfocus.com/bid/92752 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/92752 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.12 |
| purl |
pkg:pypi/plone@4.3.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 1 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 2 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 3 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 9 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 10 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 11 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 12 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 13 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 14 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 15 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 16 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 17 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 18 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 19 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 20 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 21 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 22 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.7 |
| purl |
pkg:pypi/plone@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 3 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 4 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 5 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 6 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 7 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 8 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 9 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 10 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 11 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 12 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 13 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 14 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 15 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 16 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 17 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 18 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 19 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 20 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 21 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 22 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 23 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 24 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7 |
|
|
| aliases |
CVE-2016-7137, GHSA-69vh-662j-v988, PYSEC-2017-60
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ay85-551m-vfej |
|
| 15 |
| url |
VCID-basq-jjsf-3fbd |
| vulnerability_id |
VCID-basq-jjsf-3fbd |
| summary |
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://plone.org/download/releases/5.2.3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://plone.org/download/releases/5.2.3 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.4 |
| purl |
pkg:pypi/plone@5.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1f3t-a46p-13ca |
|
| 1 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 2 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 3 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 4 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 5 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 6 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 7 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 8 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 9 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4 |
|
|
| aliases |
CVE-2021-3313, GHSA-hprr-4vfq-fcxw, PYSEC-2021-78
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-basq-jjsf-3fbd |
|
| 16 |
| url |
VCID-bmwk-nutp-r3fs |
| vulnerability_id |
VCID-bmwk-nutp-r3fs |
| summary |
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.2 |
| purl |
pkg:pypi/plone@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 3 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 4 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 5 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 6 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 7 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 8 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 9 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 10 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 11 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 12 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2 |
|
|
| aliases |
CVE-2020-7939, GHSA-hhmf-7rgg-gcw5, PYSEC-2020-88
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bmwk-nutp-r3fs |
|
| 17 |
| url |
VCID-cpwq-sq8b-4yhf |
| vulnerability_id |
VCID-cpwq-sq8b-4yhf |
| summary |
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://www.exploit-db.com/exploits/38411 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://www.exploit-db.com/exploits/38411 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.0a1 |
| purl |
pkg:pypi/plone@5.0a1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 1 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 2 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 3 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 9 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 10 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 11 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 12 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 13 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 14 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 15 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 16 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 17 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 18 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 19 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 20 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 21 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 22 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 23 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 24 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0a1 |
|
|
| aliases |
CVE-2015-7293, GHSA-p3qm-44cf-f8qx, PYSEC-2017-51
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwq-sq8b-4yhf |
|
| 18 |
| url |
VCID-d42u-s7za-a3ad |
| vulnerability_id |
VCID-d42u-s7za-a3ad |
| summary |
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33511, GHSA-gc9g-67cq-p7v4, PYSEC-2021-83
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d42u-s7za-a3ad |
|
| 19 |
| url |
VCID-d6hq-qfek-1bgu |
| vulnerability_id |
VCID-d6hq-qfek-1bgu |
| summary |
User information disclosure
A vulnerability allows unauthorized disclosure of registered user information. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.8 |
| purl |
pkg:pypi/plone@4.3.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 15 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 16 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 17 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 18 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 19 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 20 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 21 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 22 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 23 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 24 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 25 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 26 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 27 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 28 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 29 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 30 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.8 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.1 |
| purl |
pkg:pypi/plone@5.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 2 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 3 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 4 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 5 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 6 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 7 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 8 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 9 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 10 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 11 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 12 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 13 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 14 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 21 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 22 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 25 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 26 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 27 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 28 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 29 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 30 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 31 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 32 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.1 |
|
|
| aliases |
GMS-2015-51
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d6hq-qfek-1bgu |
|
| 20 |
| url |
VCID-dg61-tw4u-dbcc |
| vulnerability_id |
VCID-dg61-tw4u-dbcc |
| summary |
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.16 |
| purl |
pkg:pypi/plone@4.3.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 1 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 2 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 3 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 4 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 5 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 6 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 7 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 8 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 15 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 16 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 17 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 18 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 19 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16 |
|
| 1 |
| url |
pkg:pypi/plone@5.1.0 |
| purl |
pkg:pypi/plone@5.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 3 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 15 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 16 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 17 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0 |
|
|
| aliases |
CVE-2017-1000481, GHSA-8g72-gq68-6gqh, PYSEC-2018-70
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dg61-tw4u-dbcc |
|
| 21 |
| url |
VCID-edq7-7ncc-mbfx |
| vulnerability_id |
VCID-edq7-7ncc-mbfx |
| summary |
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.16 |
| purl |
pkg:pypi/plone@4.3.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 1 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 2 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 3 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 4 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 5 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 6 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 7 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 8 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 15 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 16 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 17 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 18 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 19 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16 |
|
| 1 |
| url |
pkg:pypi/plone@5.1.0 |
| purl |
pkg:pypi/plone@5.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 3 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 9 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 10 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 11 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 12 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 13 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 14 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 15 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 16 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 17 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0 |
|
|
| aliases |
CVE-2017-1000484, GHSA-xvwv-6wvx-px9x, PYSEC-2018-73
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-edq7-7ncc-mbfx |
|
| 22 |
| url |
VCID-eu4z-htaq-c3d6 |
| vulnerability_id |
VCID-eu4z-htaq-c3d6 |
| summary |
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33510, GHSA-4mg4-wvmx-5332, PYSEC-2021-82
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eu4z-htaq-c3d6 |
|
| 23 |
|
| 24 |
|
| 25 |
| url |
VCID-h4kd-eh8g-gude |
| vulnerability_id |
VCID-h4kd-eh8g-gude |
| summary |
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.7 |
| purl |
pkg:pypi/plone@4.3.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 21 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 22 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 23 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 24 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 25 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 26 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 27 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 28 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 29 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 30 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 31 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.7 |
|
| 1 |
| url |
pkg:pypi/plone@5.0rc2 |
| purl |
pkg:pypi/plone@5.0rc2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 3 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 4 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 5 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 6 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 7 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 8 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 9 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 10 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 11 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 12 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 13 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 14 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 15 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 16 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 17 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 18 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 19 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 20 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 21 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2 |
|
|
| aliases |
CVE-2015-7316, GHSA-vf8g-m3vq-6p4p, PYSEC-2017-53
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h4kd-eh8g-gude |
|
| 26 |
| url |
VCID-hhux-xufk-ube2 |
| vulnerability_id |
VCID-hhux-xufk-ube2 |
| summary |
Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.12 |
| purl |
pkg:pypi/plone@4.3.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 1 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 2 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 3 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 9 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 10 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 11 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 12 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 13 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 14 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 15 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 16 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 17 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 18 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 19 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 20 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 21 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 22 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.7 |
| purl |
pkg:pypi/plone@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 3 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 4 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 5 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 6 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 7 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 8 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 9 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 10 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 11 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 12 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 13 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 14 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 15 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 16 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 17 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 18 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 19 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 20 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 21 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 22 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 23 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 24 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7 |
|
|
| aliases |
CVE-2016-7147, GHSA-84jm-cpc5-c7g7, PYSEC-2017-64
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hhux-xufk-ube2 |
|
| 27 |
| url |
VCID-hygx-6n52-u7fz |
| vulnerability_id |
VCID-hygx-6n52-u7fz |
| summary |
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4198, GHSA-qjxf-6pr8-j87v, PYSEC-2014-62
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hygx-6n52-u7fz |
|
| 28 |
| url |
VCID-j8fv-uhxw-jkcw |
| vulnerability_id |
VCID-j8fv-uhxw-jkcw |
| summary |
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.2 |
| purl |
pkg:pypi/plone@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 3 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 4 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 5 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 6 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 7 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 8 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 9 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 10 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 11 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 12 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2 |
|
|
| aliases |
CVE-2020-7941, GHSA-w6g9-xccc-347h, PYSEC-2020-90
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j8fv-uhxw-jkcw |
|
| 29 |
| url |
VCID-mn7t-zgfw-tqfw |
| vulnerability_id |
VCID-mn7t-zgfw-tqfw |
| summary |
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
http://www.securityfocus.com/bid/92752 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/92752 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.12 |
| purl |
pkg:pypi/plone@4.3.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 1 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 2 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 3 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 9 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 10 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 11 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 12 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 13 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 14 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 15 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 16 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 17 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 18 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 19 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 20 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 21 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 22 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.7 |
| purl |
pkg:pypi/plone@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 3 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 4 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 5 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 6 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 7 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 8 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 9 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 10 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 11 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 12 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 13 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 14 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 15 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 16 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 17 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 18 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 19 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 20 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 21 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 22 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 23 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 24 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7 |
|
|
| aliases |
CVE-2016-7135, GHSA-m7f9-65wr-pwch, PYSEC-2017-58
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mn7t-zgfw-tqfw |
|
| 30 |
| url |
VCID-n4nh-4rq4-r7hx |
| vulnerability_id |
VCID-n4nh-4rq4-r7hx |
| summary |
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.3 |
| purl |
pkg:pypi/plone@4.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 25 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 26 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 27 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 28 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 29 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 30 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 31 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 32 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 33 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.3 |
|
|
| aliases |
CVE-2013-7060, GHSA-rg52-j87w-pf83, PYSEC-2014-65, PYSEC-2014-67
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n4nh-4rq4-r7hx |
|
| 31 |
| url |
VCID-nrxp-p6rx-8kdd |
| vulnerability_id |
VCID-nrxp-p6rx-8kdd |
| summary |
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4195, GHSA-j67j-8hrp-76xm, PYSEC-2014-59
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nrxp-p6rx-8kdd |
|
| 32 |
|
| 33 |
| url |
VCID-pzke-4by2-w3hk |
| vulnerability_id |
VCID-pzke-4by2-w3hk |
| summary |
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.10 |
| purl |
pkg:pypi/plone@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 15 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 16 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 17 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 18 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 19 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 20 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 21 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 22 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 23 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 24 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 25 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 26 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 27 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 28 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 29 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 30 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.10 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.5 |
| purl |
pkg:pypi/plone@5.0.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 2 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 3 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 4 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 5 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 6 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 7 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 8 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 9 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 10 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 11 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 12 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 13 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 14 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 21 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 22 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 25 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 26 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 27 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 28 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 29 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 30 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 31 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 32 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5 |
|
| 2 |
| url |
pkg:pypi/plone@5.1a2 |
| purl |
pkg:pypi/plone@5.1a2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 3 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 4 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 5 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 6 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 10 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 11 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 12 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 13 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 14 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 15 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 16 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 17 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 18 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 19 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 20 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 21 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 22 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2 |
|
|
| aliases |
CVE-2016-4042, GHSA-v4vj-49m5-wjhw, PYSEC-2017-56
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pzke-4by2-w3hk |
|
| 34 |
| url |
VCID-q7nt-b3s9-9kf6 |
| vulnerability_id |
VCID-q7nt-b3s9-9kf6 |
| summary |
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-33507, GHSA-35rg-466w-77h3, PYSEC-2021-79
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q7nt-b3s9-9kf6 |
|
| 35 |
| url |
VCID-r52t-hx1j-ufa1 |
| vulnerability_id |
VCID-r52t-hx1j-ufa1 |
| summary |
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33508, GHSA-rmpv-rcp6-v8wc, PYSEC-2021-80
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r52t-hx1j-ufa1 |
|
| 36 |
| url |
VCID-s84e-bb7w-5qht |
| vulnerability_id |
VCID-s84e-bb7w-5qht |
| summary |
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
|
| 1 |
| value |
7.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
|
| 1 |
| value |
7.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4197, GHSA-jjvw-3h9j-p7jf, PYSEC-2014-61
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s84e-bb7w-5qht |
|
| 37 |
| url |
VCID-shjb-m9k6-uuf1 |
| vulnerability_id |
VCID-shjb-m9k6-uuf1 |
| summary |
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4199, GHSA-xfjq-9rxq-ph6m, PYSEC-2014-63
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-shjb-m9k6-uuf1 |
|
| 38 |
| url |
VCID-ud5f-7gx8-83d6 |
| vulnerability_id |
VCID-ud5f-7gx8-83d6 |
| summary |
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4196, GHSA-qphh-5fv5-2mjj, PYSEC-2014-60
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ud5f-7gx8-83d6 |
|
| 39 |
| url |
VCID-vgga-a2ga-t3hw |
| vulnerability_id |
VCID-vgga-a2ga-t3hw |
| summary |
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
http://seclists.org/oss-sec/2013/q4/467 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q4/467 |
|
| 3 |
| reference_url |
http://seclists.org/oss-sec/2013/q4/485 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q4/485 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
| 1 |
| url |
pkg:pypi/plone@4.3.3 |
| purl |
pkg:pypi/plone@4.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 25 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 26 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 27 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 28 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 29 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 30 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 31 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 32 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 33 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.3 |
|
|
| aliases |
CVE-2013-7062, GHSA-4793-w44w-m7xm, PYSEC-2020-218
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vgga-a2ga-t3hw |
|
| 40 |
| url |
VCID-w2mv-zekv-8fcv |
| vulnerability_id |
VCID-w2mv-zekv-8fcv |
| summary |
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.3 |
| purl |
pkg:pypi/plone@4.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 25 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 26 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 27 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 28 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 29 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 30 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 31 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 32 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 33 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.3 |
|
|
| aliases |
CVE-2013-7061, GHSA-4vr8-r7qr-fpvq, PYSEC-2014-66, PYSEC-2014-68
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w2mv-zekv-8fcv |
|
| 41 |
| url |
VCID-wuas-tkd4-rkd4 |
| vulnerability_id |
VCID-wuas-tkd4-rkd4 |
| summary |
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.7 |
| purl |
pkg:pypi/plone@4.3.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 21 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 22 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 23 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 24 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 25 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 26 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 27 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 28 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 29 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 30 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 31 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.7 |
|
| 1 |
| url |
pkg:pypi/plone@5.0rc2 |
| purl |
pkg:pypi/plone@5.0rc2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 1 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 2 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 3 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 4 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 5 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 6 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 7 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 8 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 9 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 10 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 11 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 12 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 13 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 14 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 15 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 16 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 17 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 18 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 19 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 20 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 21 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2 |
|
|
| aliases |
CVE-2015-7315, GHSA-984m-rj28-8c6x, PYSEC-2017-52
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wuas-tkd4-rkd4 |
|
| 42 |
| url |
VCID-x2xm-hpc2-uubq |
| vulnerability_id |
VCID-x2xm-hpc2-uubq |
| summary |
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
9.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33509, GHSA-hm2p-fhwx-9285, PYSEC-2021-81
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x2xm-hpc2-uubq |
|
| 43 |
| url |
VCID-x8n5-qj35-eqb1 |
| vulnerability_id |
VCID-x8n5-qj35-eqb1 |
| summary |
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4190, GHSA-89rq-27xp-vgv7, PYSEC-2014-54
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x8n5-qj35-eqb1 |
|
| 44 |
| url |
VCID-yfkz-3xu3-vyc9 |
| vulnerability_id |
VCID-yfkz-3xu3-vyc9 |
| summary |
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
http://www.securityfocus.com/bid/92752 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/92752 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.12 |
| purl |
pkg:pypi/plone@4.3.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 1 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 2 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 3 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 9 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 10 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 11 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 12 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 13 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 14 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 15 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 16 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 17 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 18 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 19 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 20 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 21 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 22 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.6 |
| purl |
pkg:pypi/plone@5.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 2 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 3 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 4 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 5 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 6 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 7 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 8 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 9 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 10 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 11 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 12 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 13 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 14 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 21 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 22 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 25 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 26 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 27 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 28 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 29 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 30 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 31 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 32 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.6 |
|
| 2 |
| url |
pkg:pypi/plone@5.0.7 |
| purl |
pkg:pypi/plone@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 3 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 4 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 5 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 6 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 7 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 8 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 9 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 10 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 11 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 12 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 13 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 14 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 15 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 16 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 17 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 18 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 19 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 20 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 21 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 22 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 23 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 24 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7 |
|
|
| aliases |
CVE-2016-7139, GHSA-pp4c-2692-7f37, PYSEC-2017-62
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yfkz-3xu3-vyc9 |
|
| 45 |
| url |
VCID-ykmg-jcfe-8qf4 |
| vulnerability_id |
VCID-ykmg-jcfe-8qf4 |
| summary |
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4189, GHSA-pwpq-632g-h49g, PYSEC-2014-53
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ykmg-jcfe-8qf4 |
|
| 46 |
| url |
VCID-yuph-y2fa-3uaa |
| vulnerability_id |
VCID-yuph-y2fa-3uaa |
| summary |
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/oss-sec/2013/q3/261 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://seclists.org/oss-sec/2013/q3/261 |
|
| 5 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.2 |
| purl |
pkg:pypi/plone@4.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-d6hq-qfek-1bgu |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-h4kd-eh8g-gude |
|
| 21 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 22 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-n4nh-4rq4-r7hx |
|
| 25 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 26 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 27 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 28 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 29 |
| vulnerability |
VCID-vgga-a2ga-t3hw |
|
| 30 |
| vulnerability |
VCID-w2mv-zekv-8fcv |
|
| 31 |
| vulnerability |
VCID-wuas-tkd4-rkd4 |
|
| 32 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 33 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 34 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 35 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 36 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2 |
|
|
| aliases |
CVE-2013-4194, GHSA-mm32-jw73-9227, PYSEC-2014-58
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yuph-y2fa-3uaa |
|
| 47 |
| url |
VCID-z4jt-v88h-77er |
| vulnerability_id |
VCID-z4jt-v88h-77er |
| summary |
An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33926, GHSA-47p5-p3jw-w78w, PYSEC-2023-289
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z4jt-v88h-77er |
|
| 48 |
| url |
VCID-zwnj-revc-vbd6 |
| vulnerability_id |
VCID-zwnj-revc-vbd6 |
| summary |
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.10 |
| purl |
pkg:pypi/plone@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 2 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 3 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 4 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 5 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 6 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 10 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 11 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 12 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 13 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 14 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 15 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 16 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 17 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 18 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 19 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 20 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 21 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 22 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 23 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 24 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 25 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 26 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 27 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 28 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 29 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 30 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.10 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.5 |
| purl |
pkg:pypi/plone@5.0.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17w2-gd3m-2qff |
|
| 1 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 2 |
| vulnerability |
VCID-5n6e-cha8-nyb8 |
|
| 3 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 4 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 5 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 6 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 7 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 8 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 9 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 10 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 11 |
| vulnerability |
VCID-ay85-551m-vfej |
|
| 12 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 13 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 14 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 15 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 16 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 17 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 18 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 19 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 20 |
| vulnerability |
VCID-hhux-xufk-ube2 |
|
| 21 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 22 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 23 |
| vulnerability |
VCID-mn7t-zgfw-tqfw |
|
| 24 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 25 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 26 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 27 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 28 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 29 |
| vulnerability |
VCID-yfkz-3xu3-vyc9 |
|
| 30 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 31 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
| 32 |
| vulnerability |
VCID-zy2g-gzmk-1qcz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5 |
|
| 2 |
| url |
pkg:pypi/plone@5.1a2 |
| purl |
pkg:pypi/plone@5.1a2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-6568-4ert-1bau |
|
| 3 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 4 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 5 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 6 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 7 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 8 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 9 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 10 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 11 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 12 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 13 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 14 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 15 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 16 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 17 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 18 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 19 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 20 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 21 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 22 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2 |
|
|
| aliases |
CVE-2016-4041, GHSA-qqgj-22gr-73vx, PYSEC-2017-55
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zwnj-revc-vbd6 |
|
| 49 |
| url |
VCID-zy2g-gzmk-1qcz |
| vulnerability_id |
VCID-zy2g-gzmk-1qcz |
| summary |
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@4.3.12 |
| purl |
pkg:pypi/plone@4.3.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 1 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 2 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 3 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 4 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 5 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 6 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 7 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 8 |
| vulnerability |
VCID-cpwq-sq8b-4yhf |
|
| 9 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 10 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 11 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 12 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 13 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 14 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 15 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 16 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 17 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 18 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 19 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 20 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 21 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 22 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12 |
|
| 1 |
| url |
pkg:pypi/plone@5.0.7 |
| purl |
pkg:pypi/plone@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29gf-82fr-k3h8 |
|
| 1 |
| vulnerability |
VCID-5ry7-xy6b-5fag |
|
| 2 |
| vulnerability |
VCID-69ps-uetw-y3gf |
|
| 3 |
| vulnerability |
VCID-8rp3-p3qe-x7ej |
|
| 4 |
| vulnerability |
VCID-8wkk-84ky-17ak |
|
| 5 |
| vulnerability |
VCID-951j-w95x-83g8 |
|
| 6 |
| vulnerability |
VCID-9gu8-dgkr-sua3 |
|
| 7 |
| vulnerability |
VCID-ax8a-2g7j-6ya2 |
|
| 8 |
| vulnerability |
VCID-basq-jjsf-3fbd |
|
| 9 |
| vulnerability |
VCID-bmwk-nutp-r3fs |
|
| 10 |
| vulnerability |
VCID-d42u-s7za-a3ad |
|
| 11 |
| vulnerability |
VCID-dg61-tw4u-dbcc |
|
| 12 |
| vulnerability |
VCID-edq7-7ncc-mbfx |
|
| 13 |
| vulnerability |
VCID-eu4z-htaq-c3d6 |
|
| 14 |
| vulnerability |
VCID-exan-4j3e-2qeh |
|
| 15 |
| vulnerability |
VCID-fdpc-runu-ekah |
|
| 16 |
| vulnerability |
VCID-j8fv-uhxw-jkcw |
|
| 17 |
| vulnerability |
VCID-jvvz-bafs-t7gc |
|
| 18 |
| vulnerability |
VCID-p71t-er3d-9fdn |
|
| 19 |
| vulnerability |
VCID-pzke-4by2-w3hk |
|
| 20 |
| vulnerability |
VCID-q7nt-b3s9-9kf6 |
|
| 21 |
| vulnerability |
VCID-r52t-hx1j-ufa1 |
|
| 22 |
| vulnerability |
VCID-x2xm-hpc2-uubq |
|
| 23 |
| vulnerability |
VCID-z4jt-v88h-77er |
|
| 24 |
| vulnerability |
VCID-zwnj-revc-vbd6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7 |
|
|
| aliases |
CVE-2016-7140, GHSA-chvw-gjxf-f8mc, PYSEC-2017-63
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zy2g-gzmk-1qcz |
|