Package details: pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (9)
Vulnerability Summary Aliases
VCID-3n34-5rm7-nbcj Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. CVE-2021-33510
GHSA-4mg4-wvmx-5332
PYSEC-2021-82
VCID-5e2c-6mkx-4udu Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel. CVE-2021-33511
GHSA-gc9g-67cq-p7v4
PYSEC-2021-83
VCID-9ze6-mfrw-ukdv Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool. CVE-2021-33513
GHSA-fj67-w3m4-rfmp
PYSEC-2021-85
VCID-d68e-uehc-nudc Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. CVE-2021-33509
GHSA-hm2p-fhwx-9285
PYSEC-2021-81
VCID-dnu9-u6zt-c7ch In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. CVE-2021-35959
GHSA-qfhw-fv3g-v836
PYSEC-2021-110
VCID-pv2n-2y41-pbg5 Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. CVE-2021-33507
GHSA-35rg-466w-77h3
PYSEC-2021-79
VCID-r61f-p8nh-2bax An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1, 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows an attacker to access sensitive information via the RSS feed portlet. CVE-2021-33926
GHSA-47p5-p3jw-w78w
PYSEC-2023-289
VCID-r874-3h26-j3fp Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. CVE-2021-33508
GHSA-rmpv-rcp6-v8wc
PYSEC-2021-80
VCID-tfmu-7tad-xbbe Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document. CVE-2021-33512
GHSA-hm2h-f456-6j88
PYSEC-2021-84

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T11:14:22.714590+00:00 GithubOSV Importer Fixing VCID-d68e-uehc-nudc https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-hm2p-fhwx-9285/GHSA-hm2p-fhwx-9285.json 38.6.0
2026-05-31T11:06:26.244608+00:00 GithubOSV Importer Fixing VCID-r61f-p8nh-2bax https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-47p5-p3jw-w78w/GHSA-47p5-p3jw-w78w.json 38.6.0
2026-05-31T09:44:41.042770+00:00 PyPI Importer Fixing VCID-r61f-p8nh-2bax https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:29.873890+00:00 PyPI Importer Fixing VCID-dnu9-u6zt-c7ch https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:21.396955+00:00 PyPI Importer Fixing VCID-r874-3h26-j3fp https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:21.096202+00:00 PyPI Importer Fixing VCID-pv2n-2y41-pbg5 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:20.798639+00:00 PyPI Importer Fixing VCID-3n34-5rm7-nbcj https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:20.493981+00:00 PyPI Importer Fixing VCID-tfmu-7tad-xbbe https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:20.186118+00:00 PyPI Importer Fixing VCID-9ze6-mfrw-ukdv https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:19.893247+00:00 PyPI Importer Fixing VCID-5e2c-6mkx-4udu https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:19.593113+00:00 PyPI Importer Fixing VCID-d68e-uehc-nudc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-30T20:59:47.933638+00:00 GitLab Importer Fixing VCID-r61f-p8nh-2bax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2021-33926.yml 38.6.0
2026-05-30T20:31:21.247030+00:00 Pypa Importer Fixing VCID-r61f-p8nh-2bax https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2023-289.yaml 38.6.0
2026-05-30T20:27:09.401578+00:00 Pypa Importer Fixing VCID-dnu9-u6zt-c7ch https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-110.yaml 38.6.0
2026-05-30T20:26:52.468371+00:00 Pypa Importer Fixing VCID-9ze6-mfrw-ukdv https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-85.yaml 38.6.0
2026-05-30T20:26:51.829066+00:00 Pypa Importer Fixing VCID-tfmu-7tad-xbbe https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-84.yaml 38.6.0
2026-05-30T20:26:51.192542+00:00 Pypa Importer Fixing VCID-pv2n-2y41-pbg5 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-79.yaml 38.6.0
2026-05-30T20:26:50.578061+00:00 Pypa Importer Fixing VCID-d68e-uehc-nudc https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-81.yaml 38.6.0
2026-05-30T20:26:49.927032+00:00 Pypa Importer Fixing VCID-r874-3h26-j3fp https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-80.yaml 38.6.0
2026-05-30T20:26:49.293408+00:00 Pypa Importer Fixing VCID-5e2c-6mkx-4udu https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-83.yaml 38.6.0
2026-05-30T20:26:48.659615+00:00 Pypa Importer Fixing VCID-3n34-5rm7-nbcj https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-82.yaml 38.6.0