Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/plone@5.2.4
purl pkg:pypi/plone@5.2.4
Next non-vulnerable version 5.2.5
Latest non-vulnerable version 6.0.7
Risk
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-29gf-82fr-k3h8
Aliases:
CVE-2021-35959
PYSEC-2021-110
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
5.2.5
Affected by 0 other vulnerabilities.
VCID-ax8a-2g7j-6ya2
Aliases:
CVE-2021-33513
GHSA-fj67-w3m4-rfmp
PYSEC-2021-85
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
5.2.5
Affected by 0 other vulnerabilities.
VCID-d42u-s7za-a3ad
Aliases:
CVE-2021-33511
GHSA-gc9g-67cq-p7v4
PYSEC-2021-83
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
5.2.5
Affected by 0 other vulnerabilities.
VCID-eu4z-htaq-c3d6
Aliases:
CVE-2021-33510
GHSA-4mg4-wvmx-5332
PYSEC-2021-82
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
5.2.5
Affected by 0 other vulnerabilities.
VCID-p71t-er3d-9fdn
Aliases:
CVE-2021-33512
GHSA-hm2h-f456-6j88
PYSEC-2021-84
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
5.2.5
Affected by 0 other vulnerabilities.
VCID-q7nt-b3s9-9kf6
Aliases:
CVE-2021-33507
GHSA-35rg-466w-77h3
PYSEC-2021-79
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
5.2.5
Affected by 0 other vulnerabilities.
VCID-r52t-hx1j-ufa1
Aliases:
CVE-2021-33508
GHSA-rmpv-rcp6-v8wc
PYSEC-2021-80
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
5.2.5
Affected by 0 other vulnerabilities.
VCID-x2xm-hpc2-uubq
Aliases:
CVE-2021-33509
GHSA-hm2p-fhwx-9285
PYSEC-2021-81
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
5.2.5
Affected by 0 other vulnerabilities.
VCID-z4jt-v88h-77er
Aliases:
CVE-2021-33926
GHSA-47p5-p3jw-w78w
PYSEC-2023-289
An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.
5.2.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-basq-jjsf-3fbd Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload. CVE-2021-3313
PYSEC-2021-78

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:18:19.658859+00:00 Pypa Importer Affected by VCID-z4jt-v88h-77er https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2023-289.yaml 38.6.0
2026-06-02T04:14:13.477637+00:00 Pypa Importer Affected by VCID-29gf-82fr-k3h8 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-110.yaml 38.6.0
2026-06-02T04:13:57.006885+00:00 Pypa Importer Affected by VCID-ax8a-2g7j-6ya2 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-85.yaml 38.6.0
2026-06-02T04:13:56.378376+00:00 Pypa Importer Affected by VCID-p71t-er3d-9fdn https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-84.yaml 38.6.0
2026-06-02T04:13:55.750009+00:00 Pypa Importer Affected by VCID-q7nt-b3s9-9kf6 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-79.yaml 38.6.0
2026-06-02T04:13:55.143784+00:00 Pypa Importer Affected by VCID-x2xm-hpc2-uubq https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-81.yaml 38.6.0
2026-06-02T04:13:54.521855+00:00 Pypa Importer Affected by VCID-r52t-hx1j-ufa1 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-80.yaml 38.6.0
2026-06-02T04:13:53.901288+00:00 Pypa Importer Affected by VCID-d42u-s7za-a3ad https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-83.yaml 38.6.0
2026-06-02T04:13:53.285547+00:00 Pypa Importer Affected by VCID-eu4z-htaq-c3d6 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-82.yaml 38.6.0
2026-06-02T04:13:52.389243+00:00 Pypa Importer Fixing VCID-basq-jjsf-3fbd https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-78.yaml 38.6.0