Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/products.cmfplone@4.2.1

Type pypi

Namespace

Name products.cmfplone

Version 4.2.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.3.17

Latest_non_vulnerable_version 5.1.0

Affected_by_vulnerabilities

url VCID-dzcp-3xuc-m3fb

vulnerability_id VCID-dzcp-3xuc-m3fb

summary

Unauthorized disclosure of site content
A vulnerability that allows attackers to gain information about private site content.

references

reference_url	https://plone.org/products/plone/security/advisories/20160419-announcement
reference_id
reference_type
scores
url	https://plone.org/products/plone/security/advisories/20160419-announcement

reference_url	https://plone.org/security/20160419/unauthorized-disclosure-of-site-content
reference_id
reference_type
scores
url	https://plone.org/security/20160419/unauthorized-disclosure-of-site-content

fixed_packages

aliases GMS-2016-27

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzcp-3xuc-m3fb

url VCID-q1fa-vcan-n7f5

vulnerability_id VCID-q1fa-vcan-n7f5

summary

Multiple CSRF vulnerabilities in Management Interface
There are multiple CSRF (cross-site request forgery) vulnerabilities in the ZMI (Zope Management Interface).

references

reference_url	https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf
reference_id	CVE-2015-7293;OSVDB-128533;OSVDB-128532
reference_type	exploit
scores
url	https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf

fixed_packages

url pkg:pypi/products.cmfplone@5.0a1

purl pkg:pypi/products.cmfplone@5.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzcp-3xuc-m3fb

vulnerability	VCID-p88u-hqps-fubs

vulnerability	VCID-rj54-wua2-7bd8

vulnerability	VCID-yaa8-vy4x-cqbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0a1

aliases GMS-2015-35

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q1fa-vcan-n7f5

url VCID-rj54-wua2-7bd8

vulnerability_id VCID-rj54-wua2-7bd8

summary

Privilege escalation in webdav
A missing webdav security declaration would allow unauthorized webdav access.

references

reference_url	https://plone.org/products/plone/security/advisories/20160419-announcement
reference_id
reference_type
scores
url	https://plone.org/products/plone/security/advisories/20160419-announcement

reference_url	https://plone.org/security/20160419/privilege-escalation-in-webdav
reference_id
reference_type
scores
url	https://plone.org/security/20160419/privilege-escalation-in-webdav

fixed_packages

aliases GMS-2016-28

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rj54-wua2-7bd8

url VCID-yaa8-vy4x-cqbq

vulnerability_id VCID-yaa8-vy4x-cqbq

summary Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7316

reference_id

reference_type

scores

value	0.0051
scoring_system	epss
scoring_elements	0.66719
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7316

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1264788

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1264788

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7316

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7316

reference_url	https://plone.org/security/20150910/
reference_id
reference_type
scores
url	https://plone.org/security/20150910/

reference_url	https://plone.org/security/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
url	https://plone.org/security/20150910/non-persistent-xss-in-plone

reference_url

https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone

reference_url

https://pypi.org/project/Products.PloneHotfix20150910

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/Products.PloneHotfix20150910

reference_url	https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url	https://pypi.python.org/pypi/Products.PloneHotfix20150910

reference_url

http://www.openwall.com/lists/oss-security/2015/09/22/14

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/09/22/14

fixed_packages

url pkg:pypi/products.cmfplone@4.3.7

purl pkg:pypi/products.cmfplone@4.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzcp-3xuc-m3fb

vulnerability	VCID-q1fa-vcan-n7f5

vulnerability	VCID-rj54-wua2-7bd8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.7

url pkg:pypi/products.cmfplone@5.0rc2

purl pkg:pypi/products.cmfplone@5.0rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzcp-3xuc-m3fb

vulnerability	VCID-p88u-hqps-fubs

vulnerability	VCID-rj54-wua2-7bd8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0rc2

aliases CVE-2015-7316, GHSA-vf8g-m3vq-6p4p, PYSEC-2017-53

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yaa8-vy4x-cqbq

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.2.1

Package Instance