Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/plone@5.0b2
Typepypi
Namespace
Nameplone
Version5.0b2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.2.5
Latest_non_vulnerable_version6.0.7
Affected_by_vulnerabilities
0
url VCID-2jxf-hfxq-skg7
vulnerability_id VCID-2jxf-hfxq-skg7
summary A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7941
reference_id
reference_type
scores
0
value 0.00619
scoring_system epss
scoring_elements 0.70352
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7941
1
reference_url https://github.com/plone/plone.app.contenttypes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/plone/plone.app.contenttypes
2
reference_url https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7941
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7941
5
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121
6
reference_url https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
7
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/01/22/1
8
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/24/1
fixed_packages
0
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36xh-ua3s-gyfr
1
vulnerability VCID-3n34-5rm7-nbcj
2
vulnerability VCID-5e2c-6mkx-4udu
3
vulnerability VCID-5z33-3pqj-gygw
4
vulnerability VCID-9ze6-mfrw-ukdv
5
vulnerability VCID-d68e-uehc-nudc
6
vulnerability VCID-dnu9-u6zt-c7ch
7
vulnerability VCID-pv2n-2y41-pbg5
8
vulnerability VCID-r61f-p8nh-2bax
9
vulnerability VCID-r874-3h26-j3fp
10
vulnerability VCID-sa7x-wvn1-skh1
11
vulnerability VCID-tfmu-7tad-xbbe
12
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7941, GHSA-w6g9-xccc-347h, PYSEC-2020-90
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2jxf-hfxq-skg7
1
url VCID-36xh-ua3s-gyfr
vulnerability_id VCID-36xh-ua3s-gyfr
summary Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28736
reference_id
reference_type
scores
0
value 0.00484
scoring_system epss
scoring_elements 0.65579
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28736
1
reference_url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
2
reference_url https://github.com/advisories/GHSA-2c8c-84w2-j38j
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2c8c-84w2-j38j
3
reference_url https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/3209
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28736
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28736
6
reference_url https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.misakikata.com/codes/plone/python-en.html
fixed_packages
0
url pkg:pypi/plone@5.2.3
purl pkg:pypi/plone@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3n34-5rm7-nbcj
1
vulnerability VCID-5e2c-6mkx-4udu
2
vulnerability VCID-9ze6-mfrw-ukdv
3
vulnerability VCID-ccuu-86vs-s3gs
4
vulnerability VCID-d68e-uehc-nudc
5
vulnerability VCID-dnu9-u6zt-c7ch
6
vulnerability VCID-pv2n-2y41-pbg5
7
vulnerability VCID-r61f-p8nh-2bax
8
vulnerability VCID-r874-3h26-j3fp
9
vulnerability VCID-sa7x-wvn1-skh1
10
vulnerability VCID-tfmu-7tad-xbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3
aliases CVE-2020-28736, GHSA-2c8c-84w2-j38j, PYSEC-2020-248
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36xh-ua3s-gyfr
2
url VCID-3n34-5rm7-nbcj
vulnerability_id VCID-3n34-5rm7-nbcj
summary Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33510
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30603
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33510
1
reference_url https://github.com/advisories/GHSA-4mg4-wvmx-5332
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4mg4-wvmx-5332
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33510
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33510
5
reference_url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33510, GHSA-4mg4-wvmx-5332, PYSEC-2021-82
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3n34-5rm7-nbcj
3
url VCID-3s9q-6gvu-qyef
vulnerability_id VCID-3s9q-6gvu-qyef
summary Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7940
reference_id
reference_type
scores
0
value 0.0034
scoring_system epss
scoring_elements 0.56976
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7940
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7940
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7940
4
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121
5
reference_url https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
6
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/01/22/1
7
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/24/1
fixed_packages
0
url pkg:pypi/plone@5.1.7
purl pkg:pypi/plone@5.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-36xh-ua3s-gyfr
2
vulnerability VCID-3n34-5rm7-nbcj
3
vulnerability VCID-3s9q-6gvu-qyef
4
vulnerability VCID-5e2c-6mkx-4udu
5
vulnerability VCID-5z33-3pqj-gygw
6
vulnerability VCID-9ze6-mfrw-ukdv
7
vulnerability VCID-c3we-w4qc-6fhs
8
vulnerability VCID-d68e-uehc-nudc
9
vulnerability VCID-dnu9-u6zt-c7ch
10
vulnerability VCID-gejv-h449-13e4
11
vulnerability VCID-pv2n-2y41-pbg5
12
vulnerability VCID-r61f-p8nh-2bax
13
vulnerability VCID-r874-3h26-j3fp
14
vulnerability VCID-sa7x-wvn1-skh1
15
vulnerability VCID-tfmu-7tad-xbbe
16
vulnerability VCID-wage-1bme-bkgb
17
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7
1
url pkg:pypi/plone@5.2.1
purl pkg:pypi/plone@5.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-36xh-ua3s-gyfr
2
vulnerability VCID-3n34-5rm7-nbcj
3
vulnerability VCID-5e2c-6mkx-4udu
4
vulnerability VCID-5z33-3pqj-gygw
5
vulnerability VCID-9ze6-mfrw-ukdv
6
vulnerability VCID-c3we-w4qc-6fhs
7
vulnerability VCID-d68e-uehc-nudc
8
vulnerability VCID-dnu9-u6zt-c7ch
9
vulnerability VCID-gejv-h449-13e4
10
vulnerability VCID-hmam-sbwn-afh2
11
vulnerability VCID-pv2n-2y41-pbg5
12
vulnerability VCID-r61f-p8nh-2bax
13
vulnerability VCID-r874-3h26-j3fp
14
vulnerability VCID-sa7x-wvn1-skh1
15
vulnerability VCID-tfmu-7tad-xbbe
16
vulnerability VCID-wage-1bme-bkgb
17
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.1
2
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36xh-ua3s-gyfr
1
vulnerability VCID-3n34-5rm7-nbcj
2
vulnerability VCID-5e2c-6mkx-4udu
3
vulnerability VCID-5z33-3pqj-gygw
4
vulnerability VCID-9ze6-mfrw-ukdv
5
vulnerability VCID-d68e-uehc-nudc
6
vulnerability VCID-dnu9-u6zt-c7ch
7
vulnerability VCID-pv2n-2y41-pbg5
8
vulnerability VCID-r61f-p8nh-2bax
9
vulnerability VCID-r874-3h26-j3fp
10
vulnerability VCID-sa7x-wvn1-skh1
11
vulnerability VCID-tfmu-7tad-xbbe
12
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7940, GHSA-cw58-gpgw-hwx2, PYSEC-2020-89
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3s9q-6gvu-qyef
4
url VCID-4bjr-mjug-gqd2
vulnerability_id VCID-4bjr-mjug-gqd2
summary Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7315
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63273
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7315
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1264791
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1264791
2
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
3
reference_url https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016
4
reference_url https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml
6
reference_url https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7315
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7315
8
reference_url https://plone.org/security/20150910
reference_id
reference_type
scores
url https://plone.org/security/20150910
9
reference_url https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members
reference_id
reference_type
scores
url https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members
10
reference_url https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members
11
reference_url https://pypi.org/project/Products.PloneHotfix20150910
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Products.PloneHotfix20150910
12
reference_url https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Products.PloneHotfix20150910
13
reference_url http://www.openwall.com/lists/oss-security/2015/09/22/13
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/22/13
fixed_packages
0
url pkg:pypi/plone@5.0rc2
purl pkg:pypi/plone@5.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-36xh-ua3s-gyfr
2
vulnerability VCID-3n34-5rm7-nbcj
3
vulnerability VCID-3s9q-6gvu-qyef
4
vulnerability VCID-5e2c-6mkx-4udu
5
vulnerability VCID-5z33-3pqj-gygw
6
vulnerability VCID-9ze6-mfrw-ukdv
7
vulnerability VCID-d68e-uehc-nudc
8
vulnerability VCID-fga8-ymex-67fw
9
vulnerability VCID-gejv-h449-13e4
10
vulnerability VCID-gsnt-c1cd-d3bf
11
vulnerability VCID-jn3b-smfx-87gg
12
vulnerability VCID-pv2n-2y41-pbg5
13
vulnerability VCID-r61f-p8nh-2bax
14
vulnerability VCID-r874-3h26-j3fp
15
vulnerability VCID-s5ab-nud4-5qdg
16
vulnerability VCID-sa7x-wvn1-skh1
17
vulnerability VCID-tfmu-7tad-xbbe
18
vulnerability VCID-ugq4-1vzc-6uh5
19
vulnerability VCID-w2u3-bnqq-mqfz
20
vulnerability VCID-wage-1bme-bkgb
21
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2
aliases CVE-2015-7315, GHSA-984m-rj28-8c6x, PYSEC-2017-52
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4bjr-mjug-gqd2
5
url VCID-5e2c-6mkx-4udu
vulnerability_id VCID-5e2c-6mkx-4udu
summary Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33511
reference_id
reference_type
scores
0
value 0.00276
scoring_system epss
scoring_elements 0.51216
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33511
1
reference_url https://github.com/advisories/GHSA-gc9g-67cq-p7v4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gc9g-67cq-p7v4
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33511
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33511
5
reference_url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33511, GHSA-gc9g-67cq-p7v4, PYSEC-2021-83
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5e2c-6mkx-4udu
6
url VCID-5z33-3pqj-gygw
vulnerability_id VCID-5z33-3pqj-gygw
summary Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28734
reference_id
reference_type
scores
0
value 0.00484
scoring_system epss
scoring_elements 0.65579
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28734
1
reference_url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
2
reference_url https://github.com/advisories/GHSA-wq6x-g685-w5f2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-wq6x-g685-w5f2
3
reference_url https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/3209
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28734
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28734
6
reference_url https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.misakikata.com/codes/plone/python-en.html
fixed_packages
0
url pkg:pypi/plone@5.2.3
purl pkg:pypi/plone@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3n34-5rm7-nbcj
1
vulnerability VCID-5e2c-6mkx-4udu
2
vulnerability VCID-9ze6-mfrw-ukdv
3
vulnerability VCID-ccuu-86vs-s3gs
4
vulnerability VCID-d68e-uehc-nudc
5
vulnerability VCID-dnu9-u6zt-c7ch
6
vulnerability VCID-pv2n-2y41-pbg5
7
vulnerability VCID-r61f-p8nh-2bax
8
vulnerability VCID-r874-3h26-j3fp
9
vulnerability VCID-sa7x-wvn1-skh1
10
vulnerability VCID-tfmu-7tad-xbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3
aliases CVE-2020-28734, GHSA-wq6x-g685-w5f2, PYSEC-2020-246
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5z33-3pqj-gygw
7
url VCID-9ze6-mfrw-ukdv
vulnerability_id VCID-9ze6-mfrw-ukdv
summary Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33513
reference_id
reference_type
scores
0
value 0.00302
scoring_system epss
scoring_elements 0.53803
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33513
1
reference_url https://github.com/advisories/GHSA-fj67-w3m4-rfmp
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fj67-w3m4-rfmp
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33513
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33513
5
reference_url https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33513, GHSA-fj67-w3m4-rfmp, PYSEC-2021-85
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ze6-mfrw-ukdv
8
url VCID-d68e-uehc-nudc
vulnerability_id VCID-d68e-uehc-nudc
summary Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33509
reference_id
reference_type
scores
0
value 0.00846
scoring_system epss
scoring_elements 0.75136
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33509
1
reference_url https://github.com/advisories/GHSA-hm2p-fhwx-9285
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hm2p-fhwx-9285
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33509
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33509
5
reference_url https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33509, GHSA-hm2p-fhwx-9285, PYSEC-2021-81
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d68e-uehc-nudc
9
url VCID-fga8-ymex-67fw
vulnerability_id VCID-fga8-ymex-67fw
summary By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000484
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41478
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000484
1
reference_url https://github.com/advisories/GHSA-xvwv-6wvx-px9x
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xvwv-6wvx-px9x
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/2232
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml
5
reference_url https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000484
reference_id CVE-2017-1000484
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000484
fixed_packages
0
url pkg:pypi/plone@5.1.0
purl pkg:pypi/plone@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-36xh-ua3s-gyfr
2
vulnerability VCID-3n34-5rm7-nbcj
3
vulnerability VCID-3s9q-6gvu-qyef
4
vulnerability VCID-5e2c-6mkx-4udu
5
vulnerability VCID-5z33-3pqj-gygw
6
vulnerability VCID-9ze6-mfrw-ukdv
7
vulnerability VCID-c3we-w4qc-6fhs
8
vulnerability VCID-d68e-uehc-nudc
9
vulnerability VCID-dnu9-u6zt-c7ch
10
vulnerability VCID-gejv-h449-13e4
11
vulnerability VCID-pv2n-2y41-pbg5
12
vulnerability VCID-r61f-p8nh-2bax
13
vulnerability VCID-r874-3h26-j3fp
14
vulnerability VCID-sa7x-wvn1-skh1
15
vulnerability VCID-tfmu-7tad-xbbe
16
vulnerability VCID-wage-1bme-bkgb
17
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0
aliases CVE-2017-1000484, GHSA-xvwv-6wvx-px9x, PYSEC-2018-73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fga8-ymex-67fw
10
url VCID-gejv-h449-13e4
vulnerability_id VCID-gejv-h449-13e4
summary An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7936
reference_id
reference_type
scores
0
value 0.0034
scoring_system epss
scoring_elements 0.56966
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7936
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7936
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7936
4
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121
5
reference_url https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places
6
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/01/22/1
7
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/24/1
fixed_packages
0
url pkg:pypi/plone@5.1.7
purl pkg:pypi/plone@5.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-36xh-ua3s-gyfr
2
vulnerability VCID-3n34-5rm7-nbcj
3
vulnerability VCID-3s9q-6gvu-qyef
4
vulnerability VCID-5e2c-6mkx-4udu
5
vulnerability VCID-5z33-3pqj-gygw
6
vulnerability VCID-9ze6-mfrw-ukdv
7
vulnerability VCID-c3we-w4qc-6fhs
8
vulnerability VCID-d68e-uehc-nudc
9
vulnerability VCID-dnu9-u6zt-c7ch
10
vulnerability VCID-gejv-h449-13e4
11
vulnerability VCID-pv2n-2y41-pbg5
12
vulnerability VCID-r61f-p8nh-2bax
13
vulnerability VCID-r874-3h26-j3fp
14
vulnerability VCID-sa7x-wvn1-skh1
15
vulnerability VCID-tfmu-7tad-xbbe
16
vulnerability VCID-wage-1bme-bkgb
17
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7
1
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36xh-ua3s-gyfr
1
vulnerability VCID-3n34-5rm7-nbcj
2
vulnerability VCID-5e2c-6mkx-4udu
3
vulnerability VCID-5z33-3pqj-gygw
4
vulnerability VCID-9ze6-mfrw-ukdv
5
vulnerability VCID-d68e-uehc-nudc
6
vulnerability VCID-dnu9-u6zt-c7ch
7
vulnerability VCID-pv2n-2y41-pbg5
8
vulnerability VCID-r61f-p8nh-2bax
9
vulnerability VCID-r874-3h26-j3fp
10
vulnerability VCID-sa7x-wvn1-skh1
11
vulnerability VCID-tfmu-7tad-xbbe
12
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7936, GHSA-82j9-wfcf-9v2h, PYSEC-2020-85
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gejv-h449-13e4
11
url VCID-gsnt-c1cd-d3bf
vulnerability_id VCID-gsnt-c1cd-d3bf
summary Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4042
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.45904
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4042
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4042
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4042
4
reference_url https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content
5
reference_url http://www.openwall.com/lists/oss-security/2016/04/20/2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/04/20/2
fixed_packages
0
url pkg:pypi/plone@5.0.5
purl pkg:pypi/plone@5.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-311f-xecp-47fm
2
vulnerability VCID-36rb-6jkw-j7d8
3
vulnerability VCID-36xh-ua3s-gyfr
4
vulnerability VCID-3n34-5rm7-nbcj
5
vulnerability VCID-3s9q-6gvu-qyef
6
vulnerability VCID-43m1-jkv8-jygp
7
vulnerability VCID-5e2c-6mkx-4udu
8
vulnerability VCID-5kaj-zugj-mbh1
9
vulnerability VCID-5z33-3pqj-gygw
10
vulnerability VCID-6898-z4k5-h3b6
11
vulnerability VCID-9ze6-mfrw-ukdv
12
vulnerability VCID-c3we-w4qc-6fhs
13
vulnerability VCID-d68e-uehc-nudc
14
vulnerability VCID-dnu9-u6zt-c7ch
15
vulnerability VCID-fga8-ymex-67fw
16
vulnerability VCID-gejv-h449-13e4
17
vulnerability VCID-gsnt-c1cd-d3bf
18
vulnerability VCID-jn3b-smfx-87gg
19
vulnerability VCID-m91w-vguw-qkem
20
vulnerability VCID-njnv-5cwt-4ygy
21
vulnerability VCID-pv2n-2y41-pbg5
22
vulnerability VCID-r61f-p8nh-2bax
23
vulnerability VCID-r874-3h26-j3fp
24
vulnerability VCID-s5ab-nud4-5qdg
25
vulnerability VCID-sa7x-wvn1-skh1
26
vulnerability VCID-sg6k-wdwq-9bgd
27
vulnerability VCID-tfmu-7tad-xbbe
28
vulnerability VCID-ugq4-1vzc-6uh5
29
vulnerability VCID-wage-1bme-bkgb
30
vulnerability VCID-y2bq-cb4v-mke6
31
vulnerability VCID-ymbd-m6tf-5bap
32
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5
1
url pkg:pypi/plone@5.1a2
purl pkg:pypi/plone@5.1a2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-311f-xecp-47fm
2
vulnerability VCID-36xh-ua3s-gyfr
3
vulnerability VCID-3n34-5rm7-nbcj
4
vulnerability VCID-3s9q-6gvu-qyef
5
vulnerability VCID-43m1-jkv8-jygp
6
vulnerability VCID-5e2c-6mkx-4udu
7
vulnerability VCID-5z33-3pqj-gygw
8
vulnerability VCID-9ze6-mfrw-ukdv
9
vulnerability VCID-c3we-w4qc-6fhs
10
vulnerability VCID-d68e-uehc-nudc
11
vulnerability VCID-dnu9-u6zt-c7ch
12
vulnerability VCID-fga8-ymex-67fw
13
vulnerability VCID-gejv-h449-13e4
14
vulnerability VCID-pv2n-2y41-pbg5
15
vulnerability VCID-r61f-p8nh-2bax
16
vulnerability VCID-r874-3h26-j3fp
17
vulnerability VCID-sa7x-wvn1-skh1
18
vulnerability VCID-tfmu-7tad-xbbe
19
vulnerability VCID-ugq4-1vzc-6uh5
20
vulnerability VCID-wage-1bme-bkgb
21
vulnerability VCID-y2bq-cb4v-mke6
22
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2
aliases CVE-2016-4042, GHSA-v4vj-49m5-wjhw, PYSEC-2017-56
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsnt-c1cd-d3bf
12
url VCID-pv2n-2y41-pbg5
vulnerability_id VCID-pv2n-2y41-pbg5
summary Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33507
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52225
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33507
1
reference_url https://github.com/advisories/GHSA-35rg-466w-77h3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-35rg-466w-77h3
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33507
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33507
4
reference_url https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots
5
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33507, GHSA-35rg-466w-77h3, PYSEC-2021-79
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pv2n-2y41-pbg5
13
url VCID-r61f-p8nh-2bax
vulnerability_id VCID-r61f-p8nh-2bax
summary An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33926
reference_id
reference_type
scores
0
value 0.00501
scoring_system epss
scoring_elements 0.66328
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33926
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml
3
reference_url https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/
url https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
4
reference_url https://plone.org/security/hotfix/20210518
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/
url https://plone.org/security/hotfix/20210518
5
reference_url https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/
url https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33926
reference_id CVE-2021-33926
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33926
7
reference_url https://github.com/advisories/GHSA-47p5-p3jw-w78w
reference_id GHSA-47p5-p3jw-w78w
reference_type
scores
url https://github.com/advisories/GHSA-47p5-p3jw-w78w
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33926, GHSA-47p5-p3jw-w78w, PYSEC-2023-289
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r61f-p8nh-2bax
14
url VCID-r874-3h26-j3fp
vulnerability_id VCID-r874-3h26-j3fp
summary Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33508
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.5084
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33508
1
reference_url https://github.com/advisories/GHSA-rmpv-rcp6-v8wc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rmpv-rcp6-v8wc
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33508
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33508
5
reference_url https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33508, GHSA-rmpv-rcp6-v8wc, PYSEC-2021-80
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r874-3h26-j3fp
15
url VCID-s5ab-nud4-5qdg
vulnerability_id VCID-s5ab-nud4-5qdg
summary Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4041
reference_id
reference_type
scores
0
value 0.00429
scoring_system epss
scoring_elements 0.62764
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4041
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4041
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4041
4
reference_url https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav
5
reference_url http://www.openwall.com/lists/oss-security/2016/04/20/1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/04/20/1
fixed_packages
0
url pkg:pypi/plone@5.0.5
purl pkg:pypi/plone@5.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-311f-xecp-47fm
2
vulnerability VCID-36rb-6jkw-j7d8
3
vulnerability VCID-36xh-ua3s-gyfr
4
vulnerability VCID-3n34-5rm7-nbcj
5
vulnerability VCID-3s9q-6gvu-qyef
6
vulnerability VCID-43m1-jkv8-jygp
7
vulnerability VCID-5e2c-6mkx-4udu
8
vulnerability VCID-5kaj-zugj-mbh1
9
vulnerability VCID-5z33-3pqj-gygw
10
vulnerability VCID-6898-z4k5-h3b6
11
vulnerability VCID-9ze6-mfrw-ukdv
12
vulnerability VCID-c3we-w4qc-6fhs
13
vulnerability VCID-d68e-uehc-nudc
14
vulnerability VCID-dnu9-u6zt-c7ch
15
vulnerability VCID-fga8-ymex-67fw
16
vulnerability VCID-gejv-h449-13e4
17
vulnerability VCID-gsnt-c1cd-d3bf
18
vulnerability VCID-jn3b-smfx-87gg
19
vulnerability VCID-m91w-vguw-qkem
20
vulnerability VCID-njnv-5cwt-4ygy
21
vulnerability VCID-pv2n-2y41-pbg5
22
vulnerability VCID-r61f-p8nh-2bax
23
vulnerability VCID-r874-3h26-j3fp
24
vulnerability VCID-s5ab-nud4-5qdg
25
vulnerability VCID-sa7x-wvn1-skh1
26
vulnerability VCID-sg6k-wdwq-9bgd
27
vulnerability VCID-tfmu-7tad-xbbe
28
vulnerability VCID-ugq4-1vzc-6uh5
29
vulnerability VCID-wage-1bme-bkgb
30
vulnerability VCID-y2bq-cb4v-mke6
31
vulnerability VCID-ymbd-m6tf-5bap
32
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5
1
url pkg:pypi/plone@5.1a2
purl pkg:pypi/plone@5.1a2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-311f-xecp-47fm
2
vulnerability VCID-36xh-ua3s-gyfr
3
vulnerability VCID-3n34-5rm7-nbcj
4
vulnerability VCID-3s9q-6gvu-qyef
5
vulnerability VCID-43m1-jkv8-jygp
6
vulnerability VCID-5e2c-6mkx-4udu
7
vulnerability VCID-5z33-3pqj-gygw
8
vulnerability VCID-9ze6-mfrw-ukdv
9
vulnerability VCID-c3we-w4qc-6fhs
10
vulnerability VCID-d68e-uehc-nudc
11
vulnerability VCID-dnu9-u6zt-c7ch
12
vulnerability VCID-fga8-ymex-67fw
13
vulnerability VCID-gejv-h449-13e4
14
vulnerability VCID-pv2n-2y41-pbg5
15
vulnerability VCID-r61f-p8nh-2bax
16
vulnerability VCID-r874-3h26-j3fp
17
vulnerability VCID-sa7x-wvn1-skh1
18
vulnerability VCID-tfmu-7tad-xbbe
19
vulnerability VCID-ugq4-1vzc-6uh5
20
vulnerability VCID-wage-1bme-bkgb
21
vulnerability VCID-y2bq-cb4v-mke6
22
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2
aliases CVE-2016-4041, GHSA-qqgj-22gr-73vx, PYSEC-2017-55
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ab-nud4-5qdg
16
url VCID-sa7x-wvn1-skh1
vulnerability_id VCID-sa7x-wvn1-skh1
summary Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3313
reference_id
reference_type
scores
0
value 0.00444
scoring_system epss
scoring_elements 0.6367
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3313
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml
3
reference_url https://plone.org/download/releases/5.2.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/download/releases/5.2.3
4
reference_url https://plone.org/security/hotfix/20210518
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518
5
reference_url https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
6
reference_url https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
7
reference_url https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt
8
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3313
reference_id CVE-2021-3313
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3313
10
reference_url https://github.com/advisories/GHSA-hprr-4vfq-fcxw
reference_id GHSA-hprr-4vfq-fcxw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hprr-4vfq-fcxw
fixed_packages
0
url pkg:pypi/plone@5.2.4
purl pkg:pypi/plone@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3n34-5rm7-nbcj
1
vulnerability VCID-5e2c-6mkx-4udu
2
vulnerability VCID-9ze6-mfrw-ukdv
3
vulnerability VCID-d68e-uehc-nudc
4
vulnerability VCID-dnu9-u6zt-c7ch
5
vulnerability VCID-pv2n-2y41-pbg5
6
vulnerability VCID-r61f-p8nh-2bax
7
vulnerability VCID-r874-3h26-j3fp
8
vulnerability VCID-tfmu-7tad-xbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4
aliases CVE-2021-3313, GHSA-hprr-4vfq-fcxw, PYSEC-2021-78
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sa7x-wvn1-skh1
17
url VCID-tfmu-7tad-xbbe
vulnerability_id VCID-tfmu-7tad-xbbe
summary Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33512
reference_id
reference_type
scores
0
value 0.00302
scoring_system epss
scoring_elements 0.53803
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33512
1
reference_url https://github.com/advisories/GHSA-hm2h-f456-6j88
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hm2h-f456-6j88
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33512
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33512
4
reference_url https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
5
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33512, GHSA-hm2h-f456-6j88, PYSEC-2021-84
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfmu-7tad-xbbe
18
url VCID-ugq4-1vzc-6uh5
vulnerability_id VCID-ugq4-1vzc-6uh5
summary Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5524
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.39983
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5524
1
reference_url https://github.com/advisories/GHSA-p5wr-vp8g-q5p4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p5wr-vp8g-q5p4
2
reference_url https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f
3
reference_url https://github.com/plone/Products.CMFPlone/pull/1912
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/1912
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml
5
reference_url https://plone.org/security/hotfix/20170117/sandbox-escape
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20170117/sandbox-escape
6
reference_url http://www.openwall.com/lists/oss-security/2017/01/18/6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2017/01/18/6
7
reference_url http://www.securityfocus.com/bid/95679
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95679
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5524
reference_id CVE-2017-5524
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5524
fixed_packages
0
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-311f-xecp-47fm
2
vulnerability VCID-36xh-ua3s-gyfr
3
vulnerability VCID-3n34-5rm7-nbcj
4
vulnerability VCID-3s9q-6gvu-qyef
5
vulnerability VCID-43m1-jkv8-jygp
6
vulnerability VCID-5e2c-6mkx-4udu
7
vulnerability VCID-5z33-3pqj-gygw
8
vulnerability VCID-9ze6-mfrw-ukdv
9
vulnerability VCID-c3we-w4qc-6fhs
10
vulnerability VCID-d68e-uehc-nudc
11
vulnerability VCID-dnu9-u6zt-c7ch
12
vulnerability VCID-fga8-ymex-67fw
13
vulnerability VCID-gejv-h449-13e4
14
vulnerability VCID-gsnt-c1cd-d3bf
15
vulnerability VCID-jn3b-smfx-87gg
16
vulnerability VCID-pv2n-2y41-pbg5
17
vulnerability VCID-r61f-p8nh-2bax
18
vulnerability VCID-r874-3h26-j3fp
19
vulnerability VCID-s5ab-nud4-5qdg
20
vulnerability VCID-sa7x-wvn1-skh1
21
vulnerability VCID-tfmu-7tad-xbbe
22
vulnerability VCID-wage-1bme-bkgb
23
vulnerability VCID-y2bq-cb4v-mke6
24
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
1
url pkg:pypi/plone@5.1b1
purl pkg:pypi/plone@5.1b1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-311f-xecp-47fm
2
vulnerability VCID-36xh-ua3s-gyfr
3
vulnerability VCID-3n34-5rm7-nbcj
4
vulnerability VCID-3s9q-6gvu-qyef
5
vulnerability VCID-43m1-jkv8-jygp
6
vulnerability VCID-5e2c-6mkx-4udu
7
vulnerability VCID-5z33-3pqj-gygw
8
vulnerability VCID-9ze6-mfrw-ukdv
9
vulnerability VCID-c3we-w4qc-6fhs
10
vulnerability VCID-d68e-uehc-nudc
11
vulnerability VCID-dnu9-u6zt-c7ch
12
vulnerability VCID-fga8-ymex-67fw
13
vulnerability VCID-gejv-h449-13e4
14
vulnerability VCID-pv2n-2y41-pbg5
15
vulnerability VCID-r61f-p8nh-2bax
16
vulnerability VCID-r874-3h26-j3fp
17
vulnerability VCID-sa7x-wvn1-skh1
18
vulnerability VCID-tfmu-7tad-xbbe
19
vulnerability VCID-wage-1bme-bkgb
20
vulnerability VCID-y2bq-cb4v-mke6
21
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1b1
aliases CVE-2017-5524, GHSA-p5wr-vp8g-q5p4, PYSEC-2017-81
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugq4-1vzc-6uh5
19
url VCID-w2u3-bnqq-mqfz
vulnerability_id VCID-w2u3-bnqq-mqfz
summary 
User information disclosure
A vulnerability allows unauthorized disclosure of registered user information.
references
0
reference_url https://plone.org/products/plone/security/advisories/20151208-announcement
reference_id
reference_type
scores
url https://plone.org/products/plone/security/advisories/20151208-announcement
fixed_packages
0
url pkg:pypi/plone@5.0.1
purl pkg:pypi/plone@5.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-311f-xecp-47fm
2
vulnerability VCID-36rb-6jkw-j7d8
3
vulnerability VCID-36xh-ua3s-gyfr
4
vulnerability VCID-3n34-5rm7-nbcj
5
vulnerability VCID-3s9q-6gvu-qyef
6
vulnerability VCID-43m1-jkv8-jygp
7
vulnerability VCID-5e2c-6mkx-4udu
8
vulnerability VCID-5kaj-zugj-mbh1
9
vulnerability VCID-5z33-3pqj-gygw
10
vulnerability VCID-6898-z4k5-h3b6
11
vulnerability VCID-9ze6-mfrw-ukdv
12
vulnerability VCID-c3we-w4qc-6fhs
13
vulnerability VCID-d68e-uehc-nudc
14
vulnerability VCID-dnu9-u6zt-c7ch
15
vulnerability VCID-fga8-ymex-67fw
16
vulnerability VCID-gejv-h449-13e4
17
vulnerability VCID-gsnt-c1cd-d3bf
18
vulnerability VCID-jn3b-smfx-87gg
19
vulnerability VCID-m91w-vguw-qkem
20
vulnerability VCID-njnv-5cwt-4ygy
21
vulnerability VCID-pv2n-2y41-pbg5
22
vulnerability VCID-r61f-p8nh-2bax
23
vulnerability VCID-r874-3h26-j3fp
24
vulnerability VCID-s5ab-nud4-5qdg
25
vulnerability VCID-sa7x-wvn1-skh1
26
vulnerability VCID-sg6k-wdwq-9bgd
27
vulnerability VCID-tfmu-7tad-xbbe
28
vulnerability VCID-ugq4-1vzc-6uh5
29
vulnerability VCID-wage-1bme-bkgb
30
vulnerability VCID-y2bq-cb4v-mke6
31
vulnerability VCID-ymbd-m6tf-5bap
32
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.1
aliases GMS-2015-51
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2u3-bnqq-mqfz
20
url VCID-wage-1bme-bkgb
vulnerability_id VCID-wage-1bme-bkgb
summary SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7939
reference_id
reference_type
scores
0
value 0.00405
scoring_system epss
scoring_elements 0.61294
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7939
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-88.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-88.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7939
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7939
4
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121
5
reference_url https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects
6
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/01/22/1
7
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/24/1
fixed_packages
0
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36xh-ua3s-gyfr
1
vulnerability VCID-3n34-5rm7-nbcj
2
vulnerability VCID-5e2c-6mkx-4udu
3
vulnerability VCID-5z33-3pqj-gygw
4
vulnerability VCID-9ze6-mfrw-ukdv
5
vulnerability VCID-d68e-uehc-nudc
6
vulnerability VCID-dnu9-u6zt-c7ch
7
vulnerability VCID-pv2n-2y41-pbg5
8
vulnerability VCID-r61f-p8nh-2bax
9
vulnerability VCID-r874-3h26-j3fp
10
vulnerability VCID-sa7x-wvn1-skh1
11
vulnerability VCID-tfmu-7tad-xbbe
12
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7939, GHSA-hhmf-7rgg-gcw5, PYSEC-2020-88
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-1bme-bkgb
21
url VCID-yaa8-vy4x-cqbq
vulnerability_id VCID-yaa8-vy4x-cqbq
summary Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7316
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66719
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7316
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1264788
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1264788
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7316
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7316
6
reference_url https://plone.org/security/20150910/
reference_id
reference_type
scores
url https://plone.org/security/20150910/
7
reference_url https://plone.org/security/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
url https://plone.org/security/20150910/non-persistent-xss-in-plone
8
reference_url https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone
9
reference_url https://pypi.org/project/Products.PloneHotfix20150910
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Products.PloneHotfix20150910
10
reference_url https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Products.PloneHotfix20150910
11
reference_url http://www.openwall.com/lists/oss-security/2015/09/22/14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/22/14
fixed_packages
0
url pkg:pypi/plone@5.0rc2
purl pkg:pypi/plone@5.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jxf-hfxq-skg7
1
vulnerability VCID-36xh-ua3s-gyfr
2
vulnerability VCID-3n34-5rm7-nbcj
3
vulnerability VCID-3s9q-6gvu-qyef
4
vulnerability VCID-5e2c-6mkx-4udu
5
vulnerability VCID-5z33-3pqj-gygw
6
vulnerability VCID-9ze6-mfrw-ukdv
7
vulnerability VCID-d68e-uehc-nudc
8
vulnerability VCID-fga8-ymex-67fw
9
vulnerability VCID-gejv-h449-13e4
10
vulnerability VCID-gsnt-c1cd-d3bf
11
vulnerability VCID-jn3b-smfx-87gg
12
vulnerability VCID-pv2n-2y41-pbg5
13
vulnerability VCID-r61f-p8nh-2bax
14
vulnerability VCID-r874-3h26-j3fp
15
vulnerability VCID-s5ab-nud4-5qdg
16
vulnerability VCID-sa7x-wvn1-skh1
17
vulnerability VCID-tfmu-7tad-xbbe
18
vulnerability VCID-ugq4-1vzc-6uh5
19
vulnerability VCID-w2u3-bnqq-mqfz
20
vulnerability VCID-wage-1bme-bkgb
21
vulnerability VCID-z8kt-tf38-eqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2
aliases CVE-2015-7316, GHSA-vf8g-m3vq-6p4p, PYSEC-2017-53
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yaa8-vy4x-cqbq
22
url VCID-z8kt-tf38-eqgc
vulnerability_id VCID-z8kt-tf38-eqgc
summary Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28735
reference_id
reference_type
scores
0
value 0.00484
scoring_system epss
scoring_elements 0.65579
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28735
1
reference_url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
2
reference_url https://github.com/advisories/GHSA-x7wf-5mjc-6x76
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-x7wf-5mjc-6x76
3
reference_url https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/3209
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28735
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28735
6
reference_url https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.misakikata.com/codes/plone/python-en.html
fixed_packages
0
url pkg:pypi/plone@5.2.3
purl pkg:pypi/plone@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3n34-5rm7-nbcj
1
vulnerability VCID-5e2c-6mkx-4udu
2
vulnerability VCID-9ze6-mfrw-ukdv
3
vulnerability VCID-ccuu-86vs-s3gs
4
vulnerability VCID-d68e-uehc-nudc
5
vulnerability VCID-dnu9-u6zt-c7ch
6
vulnerability VCID-pv2n-2y41-pbg5
7
vulnerability VCID-r61f-p8nh-2bax
8
vulnerability VCID-r874-3h26-j3fp
9
vulnerability VCID-sa7x-wvn1-skh1
10
vulnerability VCID-tfmu-7tad-xbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3
aliases CVE-2020-28735, GHSA-x7wf-5mjc-6x76, PYSEC-2020-247
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z8kt-tf38-eqgc
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0b2