Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/plone@3.3.4
purl pkg:pypi/plone@3.3.4
Next non-vulnerable version 4.2a3
Latest non-vulnerable version 6.0.7
Risk
Vulnerabilities affecting this package (74)
Vulnerability Summary Fixed by
VCID-2sk4-yc6h-17c4
Aliases:
CVE-2012-5489
GHSA-879r-7f3w-8jj3
PYSEC-2014-31
PYSEC-2014-74
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-3buw-zes9-ukg4
Aliases:
CVE-2011-1949
GHSA-h6hq-c896-w882
PYSEC-2011-15
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
3.3.6
Affected by 71 other vulnerabilities.
4.0.6
Affected by 72 other vulnerabilities.
4.1.1
Affected by 56 other vulnerabilities.
VCID-3shf-hh9a-rqdw
Aliases:
CVE-2013-4191
PYSEC-2014-55
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-4v5e-r5we-tffe
Aliases:
CVE-2013-4200
GHSA-56p3-rrp4-2j82
PYSEC-2014-64
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-5n6e-cha8-nyb8
Aliases:
CVE-2016-7138
GHSA-v3hp-f8qr-cf3p
PYSEC-2017-61
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
4.0a1
Affected by 64 other vulnerabilities.
4.3.12
Affected by 23 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
VCID-5ry7-xy6b-5fag
Aliases:
CVE-2017-1000483
GHSA-qc57-h2f7-p4hx
PYSEC-2018-72
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.
4.3.16
Affected by 20 other vulnerabilities.
5.1.0
Affected by 18 other vulnerabilities.
VCID-6568-4ert-1bau
Aliases:
CVE-2017-5524
GHSA-p5wr-vp8g-q5p4
PYSEC-2017-81
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
4.3.12
Affected by 23 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
5.1b1
Affected by 22 other vulnerabilities.
VCID-69ps-uetw-y3gf
Aliases:
CVE-2017-1000482
GHSA-859j-668v-mrr6
PYSEC-2018-71
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
4.3.16
Affected by 20 other vulnerabilities.
5.1.0
Affected by 18 other vulnerabilities.
VCID-8rp3-p3qe-x7ej
Aliases:
CVE-2020-28736
GHSA-2c8c-84w2-j38j
PYSEC-2020-248
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
5.2.3
Affected by 10 other vulnerabilities.
VCID-9a27-8egg-7uam
Aliases:
CVE-2013-4188
PYSEC-2014-52
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-9dr2-mexa-qfbn
Aliases:
CVE-2013-4192
PYSEC-2014-56
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-9kgy-2mwu-6yhd
Aliases:
CVE-2012-5485
PYSEC-2014-27
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-9u27-bf7b-x7er
Aliases:
CVE-2013-4193
PYSEC-2014-57
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-ax8a-2g7j-6ya2
Aliases:
CVE-2021-33513
GHSA-fj67-w3m4-rfmp
PYSEC-2021-85
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
5.2.5
Affected by 0 other vulnerabilities.
VCID-ay85-551m-vfej
Aliases:
CVE-2016-7137
GHSA-69vh-662j-v988
PYSEC-2017-60
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.
4.0a1
Affected by 64 other vulnerabilities.
4.3.12
Affected by 23 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
VCID-basq-jjsf-3fbd
Aliases:
CVE-2021-3313
PYSEC-2021-78
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.
5.2.4
Affected by 9 other vulnerabilities.
VCID-chqa-wbu7-eyak
Aliases:
CVE-2012-5498
GHSA-97rj-p794-wq6m
PYSEC-2014-40
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-cpwq-sq8b-4yhf
Aliases:
CVE-2015-7293
PYSEC-2017-51
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
5.0a1
Affected by 25 other vulnerabilities.
VCID-d42u-s7za-a3ad
Aliases:
CVE-2021-33511
GHSA-gc9g-67cq-p7v4
PYSEC-2021-83
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
5.2.5
Affected by 0 other vulnerabilities.
VCID-dg61-tw4u-dbcc
Aliases:
CVE-2017-1000481
GHSA-8g72-gq68-6gqh
PYSEC-2018-70
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.
4.3.16
Affected by 20 other vulnerabilities.
5.1.0
Affected by 18 other vulnerabilities.
VCID-dxqw-uf6r-vbbh
Aliases:
CVE-2012-5501
PYSEC-2014-43
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-edq7-7ncc-mbfx
Aliases:
CVE-2017-1000484
GHSA-xvwv-6wvx-px9x
PYSEC-2018-73
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)
4.3.16
Affected by 20 other vulnerabilities.
5.1.0
Affected by 18 other vulnerabilities.
VCID-eg2r-ez9f-hkak
Aliases:
CVE-2012-5494
GHSA-3g6w-4m7x-97v6
PYSEC-2014-36
Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-eu4z-htaq-c3d6
Aliases:
CVE-2021-33510
GHSA-4mg4-wvmx-5332
PYSEC-2021-82
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
5.2.5
Affected by 0 other vulnerabilities.
VCID-exan-4j3e-2qeh
Aliases:
CVE-2020-28734
GHSA-wq6x-g685-w5f2
PYSEC-2020-246
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
5.2.3
Affected by 10 other vulnerabilities.
VCID-fdpc-runu-ekah
Aliases:
CVE-2020-28735
GHSA-x7wf-5mjc-6x76
PYSEC-2020-247
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
5.2.3
Affected by 10 other vulnerabilities.
VCID-fqcf-4say-h7g8
Aliases:
CVE-2015-7318
PYSEC-2017-54
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
4.0a1
Affected by 64 other vulnerabilities.
VCID-g2ap-vh6r-yqds
Aliases:
CVE-2012-5507
GHSA-3qpr-7rmg-73v8
PYSEC-2014-49
PYSEC-2014-75
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-g6ky-pfur-7kfg
Aliases:
CVE-2012-5504
GHSA-5whw-5cmm-9jw4
PYSEC-2014-46
Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-gdtw-2d1s-2bbw
Aliases:
CVE-2012-5490
PYSEC-2014-32
Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-h4kd-eh8g-gude
Aliases:
CVE-2015-7316
PYSEC-2017-53
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
4.0a1
Affected by 64 other vulnerabilities.
4.1a1
Affected by 69 other vulnerabilities.
4.2a1
Affected by 53 other vulnerabilities.
4.3a1
Affected by 54 other vulnerabilities.
4.3.7
Affected by 31 other vulnerabilities.
5.0rc2
Affected by 21 other vulnerabilities.
VCID-h8ur-tnzd-afay
Aliases:
CVE-2012-5505
PYSEC-2014-47
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-hb93-ea78-8ygv
Aliases:
CVE-2012-5493
PYSEC-2014-35
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-hhux-xufk-ube2
Aliases:
CVE-2016-7147
PYSEC-2017-64
Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140.
4.3.12
Affected by 23 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
VCID-hygx-6n52-u7fz
Aliases:
CVE-2013-4198
PYSEC-2014-62
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-jhw6-wxz2-qbgd
Aliases:
CVE-2011-0720
PYSEC-2011-13
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
4.0.1
Affected by 72 other vulnerabilities.
VCID-jvwn-yw13-gfe9
Aliases:
CVE-2011-1950
GHSA-2qx8-589j-gcpx
PYSEC-2011-16
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
4.0.6
Affected by 72 other vulnerabilities.
4.1.1
Affected by 56 other vulnerabilities.
VCID-khhr-m295-23gs
Aliases:
CVE-2012-6661
GHSA-48vv-2pmq-9fvv
PYSEC-2014-51
PYSEC-2014-76
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-khsn-43tn-37bx
Aliases:
CVE-2012-5500
PYSEC-2014-42
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-krfw-xa2b-vue5
Aliases:
CVE-2012-5486
GHSA-77hv-8796-8ccp
PYSEC-2014-28
PYSEC-2014-73
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-kz14-79we-xbfe
Aliases:
CVE-2012-5492
PYSEC-2014-34
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-mh7a-3p1f-9ufs
Aliases:
CVE-2012-5496
PYSEC-2014-38
kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.
3.3.6
Affected by 71 other vulnerabilities.
VCID-mt5t-3gsw-7fde
Aliases:
CVE-2012-5495
PYSEC-2014-37
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-n4nh-4rq4-r7hx
Aliases:
CVE-2013-7060
PYSEC-2014-65
PYSEC-2014-67
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
4.3.3
Affected by 33 other vulnerabilities.
VCID-nrxp-p6rx-8kdd
Aliases:
CVE-2013-4195
GHSA-j67j-8hrp-76xm
PYSEC-2014-59
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-p71t-er3d-9fdn
Aliases:
CVE-2021-33512
GHSA-hm2h-f456-6j88
PYSEC-2021-84
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
5.2.5
Affected by 0 other vulnerabilities.
VCID-pb2y-jwn1-wbck
Aliases:
CVE-2012-5488
PYSEC-2014-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-pgrv-sncf-cqca
Aliases:
CVE-2012-5506
GHSA-79hj-474h-v4xv
PYSEC-2014-48
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-pzke-4by2-w3hk
Aliases:
CVE-2016-4042
PYSEC-2017-56
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
5.1a2
Affected by 22 other vulnerabilities.
VCID-q7nt-b3s9-9kf6
Aliases:
CVE-2021-33507
GHSA-35rg-466w-77h3
PYSEC-2021-79
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
5.2.5
Affected by 0 other vulnerabilities.
VCID-r52t-hx1j-ufa1
Aliases:
CVE-2021-33508
GHSA-rmpv-rcp6-v8wc
PYSEC-2021-80
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
5.2.5
Affected by 0 other vulnerabilities.
VCID-s84e-bb7w-5qht
Aliases:
CVE-2013-4197
PYSEC-2014-61
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-shjb-m9k6-uuf1
Aliases:
CVE-2013-4199
GHSA-xfjq-9rxq-ph6m
PYSEC-2014-63
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-svbc-dj3m-t7av
Aliases:
CVE-2012-5497
PYSEC-2014-39
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-tc7w-wttv-vfed
Aliases:
CVE-2012-5508
GHSA-wprr-mc54-c62q
PYSEC-2014-50
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-ud5f-7gx8-83d6
Aliases:
CVE-2013-4196
GHSA-qphh-5fv5-2mjj
PYSEC-2014-60
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-uqe7-n3uh-zfac
Aliases:
CVE-2011-1948
GHSA-p7h9-vf92-5fj5
PYSEC-2011-14
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
4.1.1
Affected by 56 other vulnerabilities.
VCID-uykg-p1e9-mfd8
Aliases:
CVE-2012-5499
PYSEC-2014-41
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-vgga-a2ga-t3hw
Aliases:
CVE-2013-7062
GHSA-4793-w44w-m7xm
PYSEC-2020-218
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.
3.3.6
Affected by 71 other vulnerabilities.
4.0a1
Affected by 64 other vulnerabilities.
4.0.9
Affected by 72 other vulnerabilities.
4.0.10
Affected by 71 other vulnerabilities.
4.1.6
Affected by 55 other vulnerabilities.
4.2a1
Affected by 53 other vulnerabilities.
4.3a1
Affected by 54 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
4.3.3
Affected by 33 other vulnerabilities.
VCID-vr9k-9xch-4yc7
Aliases:
CVE-2012-5503
GHSA-prr5-pfr8-q9f3
PYSEC-2014-45
ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-w2mv-zekv-8fcv
Aliases:
CVE-2013-7061
GHSA-4vr8-r7qr-fpvq
PYSEC-2014-66
PYSEC-2014-68
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
4.3.3
Affected by 33 other vulnerabilities.
VCID-wuas-tkd4-rkd4
Aliases:
CVE-2015-7315
PYSEC-2017-52
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
4.0a1
Affected by 64 other vulnerabilities.
4.1a1
Affected by 69 other vulnerabilities.
4.2a1
Affected by 53 other vulnerabilities.
4.3a1
Affected by 54 other vulnerabilities.
4.3.7
Affected by 31 other vulnerabilities.
5.0rc2
Affected by 21 other vulnerabilities.
VCID-x2xm-hpc2-uubq
Aliases:
CVE-2021-33509
GHSA-hm2p-fhwx-9285
PYSEC-2021-81
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
5.2.5
Affected by 0 other vulnerabilities.
VCID-x6y6-xx1a-7kfd
Aliases:
CVE-2012-5502
PYSEC-2014-44
Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-x8n5-qj35-eqb1
Aliases:
CVE-2013-4190
PYSEC-2014-54
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-xcaz-c9xr-8bhv
Aliases:
CVE-2010-2422
PYSEC-2010-19
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.
3.3.5
Affected by 73 other vulnerabilities.
VCID-xpq8-npn5-kyb9
Aliases:
CVE-2012-5491
PYSEC-2014-33
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-yfkz-3xu3-vyc9
Aliases:
CVE-2016-7139
GHSA-pp4c-2692-7f37
PYSEC-2017-62
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
4.0a1
Affected by 64 other vulnerabilities.
4.3.12
Affected by 23 other vulnerabilities.
5.0.6
Affected by 33 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
VCID-yhzr-hb68-cfd6
Aliases:
CVE-2011-4462
GHSA-pcwm-8jc3-qxvj
PYSEC-2011-22
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
4.1.4
Affected by 55 other vulnerabilities.
VCID-ykmg-jcfe-8qf4
Aliases:
CVE-2013-4189
PYSEC-2014-53
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-yuph-y2fa-3uaa
Aliases:
CVE-2013-4194
GHSA-mm32-jw73-9227
PYSEC-2014-58
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
4.1.1
Affected by 56 other vulnerabilities.
4.2.6
Affected by 33 other vulnerabilities.
4.3.2
Affected by 36 other vulnerabilities.
VCID-z886-y25h-nua3
Aliases:
CVE-2011-2528
GHSA-p6h9-hpcg-c6gm
PYSEC-2011-25
PYSEC-2011-32
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
3.3.6
Affected by 71 other vulnerabilities.
VCID-zd73-fvwg-nbgx
Aliases:
CVE-2012-5487
PYSEC-2014-29
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
4.2.3
Affected by 46 other vulnerabilities.
4.3b1
Affected by 30 other vulnerabilities.
VCID-zy2g-gzmk-1qcz
Aliases:
CVE-2016-7140
GHSA-chvw-gjxf-f8mc
PYSEC-2017-63
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.0a1
Affected by 64 other vulnerabilities.
4.3.12
Affected by 23 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:13:56.497499+00:00 Pypa Importer Affected by VCID-ax8a-2g7j-6ya2 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-85.yaml 38.6.0
2026-06-02T04:13:55.872012+00:00 Pypa Importer Affected by VCID-p71t-er3d-9fdn https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-84.yaml 38.6.0
2026-06-02T04:13:55.263538+00:00 Pypa Importer Affected by VCID-q7nt-b3s9-9kf6 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-79.yaml 38.6.0
2026-06-02T04:13:54.640616+00:00 Pypa Importer Affected by VCID-x2xm-hpc2-uubq https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-81.yaml 38.6.0
2026-06-02T04:13:54.015569+00:00 Pypa Importer Affected by VCID-r52t-hx1j-ufa1 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-80.yaml 38.6.0
2026-06-02T04:13:53.397988+00:00 Pypa Importer Affected by VCID-d42u-s7za-a3ad https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-83.yaml 38.6.0
2026-06-02T04:13:52.787845+00:00 Pypa Importer Affected by VCID-eu4z-htaq-c3d6 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-82.yaml 38.6.0
2026-06-02T04:13:51.885197+00:00 Pypa Importer Affected by VCID-basq-jjsf-3fbd https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-78.yaml 38.6.0
2026-06-02T04:08:16.006943+00:00 Pypa Importer Affected by VCID-8rp3-p3qe-x7ej https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-248.yaml 38.6.0
2026-06-02T04:08:15.416696+00:00 Pypa Importer Affected by VCID-exan-4j3e-2qeh https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-246.yaml 38.6.0
2026-06-02T04:08:14.807421+00:00 Pypa Importer Affected by VCID-fdpc-runu-ekah https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-247.yaml 38.6.0
2026-06-02T04:06:02.838462+00:00 Pypa Importer Affected by VCID-vgga-a2ga-t3hw https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-218.yaml 38.6.0
2026-06-02T04:04:59.578121+00:00 Pypa Importer Affected by VCID-edq7-7ncc-mbfx https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2018-73.yaml 38.6.0
2026-06-02T04:04:58.819961+00:00 Pypa Importer Affected by VCID-5ry7-xy6b-5fag https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2018-72.yaml 38.6.0
2026-06-02T04:04:58.052978+00:00 Pypa Importer Affected by VCID-69ps-uetw-y3gf https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2018-71.yaml 38.6.0
2026-06-02T04:04:57.219584+00:00 Pypa Importer Affected by VCID-dg61-tw4u-dbcc https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2018-70.yaml 38.6.0
2026-06-02T04:04:46.815261+00:00 Pypa Importer Affected by VCID-cpwq-sq8b-4yhf https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-51.yaml 38.6.0
2026-06-02T04:04:45.659726+00:00 Pypa Importer Affected by VCID-h4kd-eh8g-gude https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-53.yaml 38.6.0
2026-06-02T04:04:45.581103+00:00 Pypa Importer Affected by VCID-fqcf-4say-h7g8 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-54.yaml 38.6.0
2026-06-02T04:04:44.497460+00:00 Pypa Importer Affected by VCID-wuas-tkd4-rkd4 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-52.yaml 38.6.0
2026-06-02T04:04:35.356087+00:00 Pypa Importer Affected by VCID-6568-4ert-1bau https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-81.yaml 38.6.0
2026-06-02T04:04:34.377601+00:00 Pypa Importer Affected by VCID-5n6e-cha8-nyb8 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-61.yaml 38.6.0
2026-06-02T04:04:33.673434+00:00 Pypa Importer Affected by VCID-zy2g-gzmk-1qcz https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-63.yaml 38.6.0
2026-06-02T04:04:32.738516+00:00 Pypa Importer Affected by VCID-yfkz-3xu3-vyc9 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-62.yaml 38.6.0
2026-06-02T04:04:32.034597+00:00 Pypa Importer Affected by VCID-ay85-551m-vfej https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-60.yaml 38.6.0
2026-06-02T04:04:31.166699+00:00 Pypa Importer Affected by VCID-pzke-4by2-w3hk https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-56.yaml 38.6.0
2026-06-02T04:04:29.014215+00:00 Pypa Importer Affected by VCID-hhux-xufk-ube2 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-64.yaml 38.6.0
2026-06-02T04:03:56.567390+00:00 Pypa Importer Affected by VCID-khhr-m295-23gs https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-51.yaml 38.6.0
2026-06-02T04:03:55.788837+00:00 Pypa Importer Affected by VCID-tc7w-wttv-vfed https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-50.yaml 38.6.0
2026-06-02T04:03:55.307150+00:00 Pypa Importer Affected by VCID-khsn-43tn-37bx https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-42.yaml 38.6.0
2026-06-02T04:03:53.066575+00:00 Pypa Importer Affected by VCID-pb2y-jwn1-wbck https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-30.yaml 38.6.0
2026-06-02T04:03:52.763834+00:00 Pypa Importer Affected by VCID-krfw-xa2b-vue5 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-28.yaml 38.6.0
2026-06-02T04:03:52.285013+00:00 Pypa Importer Affected by VCID-pgrv-sncf-cqca https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-48.yaml 38.6.0
2026-06-02T04:03:51.791560+00:00 Pypa Importer Affected by VCID-vr9k-9xch-4yc7 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-45.yaml 38.6.0
2026-06-02T04:03:51.296874+00:00 Pypa Importer Affected by VCID-2sk4-yc6h-17c4 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-31.yaml 38.6.0
2026-06-02T04:03:50.819953+00:00 Pypa Importer Affected by VCID-g6ky-pfur-7kfg https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-46.yaml 38.6.0
2026-06-02T04:03:50.349268+00:00 Pypa Importer Affected by VCID-dxqw-uf6r-vbbh https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-43.yaml 38.6.0
2026-06-02T04:03:50.245090+00:00 Pypa Importer Affected by VCID-mh7a-3p1f-9ufs https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-38.yaml 38.6.0
2026-06-02T04:03:49.777510+00:00 Pypa Importer Affected by VCID-xpq8-npn5-kyb9 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-33.yaml 38.6.0
2026-06-02T04:03:49.297432+00:00 Pypa Importer Affected by VCID-uykg-p1e9-mfd8 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-41.yaml 38.6.0
2026-06-02T04:03:48.814406+00:00 Pypa Importer Affected by VCID-hb93-ea78-8ygv https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-35.yaml 38.6.0
2026-06-02T04:03:48.046678+00:00 Pypa Importer Affected by VCID-gdtw-2d1s-2bbw https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-32.yaml 38.6.0
2026-06-02T04:03:47.283064+00:00 Pypa Importer Affected by VCID-9kgy-2mwu-6yhd https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-27.yaml 38.6.0
2026-06-02T04:03:46.802274+00:00 Pypa Importer Affected by VCID-svbc-dj3m-t7av https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-39.yaml 38.6.0
2026-06-02T04:03:46.332567+00:00 Pypa Importer Affected by VCID-g2ap-vh6r-yqds https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-49.yaml 38.6.0
2026-06-02T04:03:45.857132+00:00 Pypa Importer Affected by VCID-h8ur-tnzd-afay https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-47.yaml 38.6.0
2026-06-02T04:03:45.371324+00:00 Pypa Importer Affected by VCID-chqa-wbu7-eyak https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-40.yaml 38.6.0
2026-06-02T04:03:44.889112+00:00 Pypa Importer Affected by VCID-mt5t-3gsw-7fde https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-37.yaml 38.6.0
2026-06-02T04:03:44.392290+00:00 Pypa Importer Affected by VCID-eg2r-ez9f-hkak https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-36.yaml 38.6.0
2026-06-02T04:03:43.910249+00:00 Pypa Importer Affected by VCID-x6y6-xx1a-7kfd https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-44.yaml 38.6.0
2026-06-02T04:03:43.428345+00:00 Pypa Importer Affected by VCID-zd73-fvwg-nbgx https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-29.yaml 38.6.0
2026-06-02T04:03:42.943386+00:00 Pypa Importer Affected by VCID-kz14-79we-xbfe https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-34.yaml 38.6.0
2026-06-02T04:03:35.316088+00:00 Pypa Importer Affected by VCID-n4nh-4rq4-r7hx https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-65.yaml 38.6.0
2026-06-02T04:03:35.018641+00:00 Pypa Importer Affected by VCID-w2mv-zekv-8fcv https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-66.yaml 38.6.0
2026-06-02T04:03:31.064441+00:00 Pypa Importer Affected by VCID-9dr2-mexa-qfbn https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-56.yaml 38.6.0
2026-06-02T04:03:30.490904+00:00 Pypa Importer Affected by VCID-9a27-8egg-7uam https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-52.yaml 38.6.0
2026-06-02T04:03:29.804008+00:00 Pypa Importer Affected by VCID-ykmg-jcfe-8qf4 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-53.yaml 38.6.0
2026-06-02T04:03:29.221137+00:00 Pypa Importer Affected by VCID-x8n5-qj35-eqb1 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-54.yaml 38.6.0
2026-06-02T04:03:28.631842+00:00 Pypa Importer Affected by VCID-ud5f-7gx8-83d6 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-60.yaml 38.6.0
2026-06-02T04:03:27.896979+00:00 Pypa Importer Affected by VCID-yuph-y2fa-3uaa https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-58.yaml 38.6.0
2026-06-02T04:03:27.323047+00:00 Pypa Importer Affected by VCID-hygx-6n52-u7fz https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-62.yaml 38.6.0
2026-06-02T04:03:26.535485+00:00 Pypa Importer Affected by VCID-9u27-bf7b-x7er https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-57.yaml 38.6.0
2026-06-02T04:03:25.965644+00:00 Pypa Importer Affected by VCID-3shf-hh9a-rqdw https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-55.yaml 38.6.0
2026-06-02T04:03:25.394313+00:00 Pypa Importer Affected by VCID-s84e-bb7w-5qht https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-61.yaml 38.6.0
2026-06-02T04:03:24.808525+00:00 Pypa Importer Affected by VCID-shjb-m9k6-uuf1 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-63.yaml 38.6.0
2026-06-02T04:03:24.232763+00:00 Pypa Importer Affected by VCID-nrxp-p6rx-8kdd https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-59.yaml 38.6.0
2026-06-02T04:03:23.255510+00:00 Pypa Importer Affected by VCID-4v5e-r5we-tffe https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-64.yaml 38.6.0
2026-06-02T04:03:14.897926+00:00 Pypa Importer Affected by VCID-yhzr-hb68-cfd6 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-22.yaml 38.6.0
2026-06-02T04:03:13.626282+00:00 Pypa Importer Affected by VCID-z886-y25h-nua3 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-25.yaml 38.6.0
2026-06-02T04:03:13.451426+00:00 Pypa Importer Affected by VCID-uqe7-n3uh-zfac https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-14.yaml 38.6.0
2026-06-02T04:03:13.225389+00:00 Pypa Importer Affected by VCID-3buw-zes9-ukg4 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-15.yaml 38.6.0
2026-06-02T04:03:12.973319+00:00 Pypa Importer Affected by VCID-jvwn-yw13-gfe9 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-16.yaml 38.6.0
2026-06-02T04:03:11.971122+00:00 Pypa Importer Affected by VCID-jhw6-wxz2-qbgd https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-13.yaml 38.6.0
2026-06-02T04:03:09.646613+00:00 Pypa Importer Affected by VCID-xcaz-c9xr-8bhv https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2010-19.yaml 38.6.0