{"url":"http://public2.vulnerablecode.io/api/packages/201804?format=json","purl":"pkg:pypi/products.cmfplone@4.3a1","type":"pypi","namespace":"","name":"products.cmfplone","version":"4.3a1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.3.17","latest_non_vulnerable_version":"5.1.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38094?format=json","vulnerability_id":"VCID-gd5v-ueah-j7eh","summary":"Privilege escalation in webdav\nA missing webdav security declaration would allow unauthorized webdav access.","references":[{"reference_url":"https://plone.org/products/plone/security/advisories/20160419-announcement","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20160419-announcement"},{"reference_url":"https://plone.org/security/20160419/privilege-escalation-in-webdav","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/20160419/privilege-escalation-in-webdav"}],"fixed_packages":[],"aliases":["GMS-2016-28"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gd5v-ueah-j7eh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35116?format=json","vulnerability_id":"VCID-h4kd-eh8g-gude","summary":"Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7316","reference_id":"","reference_type":"","scores":[{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66767","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7316"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264788","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264788"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7316","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7316"},{"reference_url":"https://plone.org/security/20150910/","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/20150910/"},{"reference_url":"https://plone.org/security/20150910/non-persistent-xss-in-plone","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/20150910/non-persistent-xss-in-plone"},{"reference_url":"https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone"},{"reference_url":"https://pypi.org/project/Products.PloneHotfix20150910","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.org/project/Products.PloneHotfix20150910"},{"reference_url":"https://pypi.python.org/pypi/Products.PloneHotfix20150910","reference_id":"","reference_type":"","scores":[],"url":"https://pypi.python.org/pypi/Products.PloneHotfix20150910"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/09/22/14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/09/22/14"},{"reference_url":"https://github.com/advisories/GHSA-vf8g-m3vq-6p4p","reference_id":"GHSA-vf8g-m3vq-6p4p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vf8g-m3vq-6p4p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54171?format=json","purl":"pkg:pypi/products.cmfplone@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gd5v-ueah-j7eh"},{"vulnerability":"VCID-vyc7-kfh2-vbfy"},{"vulnerability":"VCID-zg7t-g8m5-nbat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54172?format=json","purl":"pkg:pypi/products.cmfplone@5.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gd5v-ueah-j7eh"},{"vulnerability":"VCID-mu56-js96-3fdr"},{"vulnerability":"VCID-zg7t-g8m5-nbat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0rc2"}],"aliases":["CVE-2015-7316","GHSA-vf8g-m3vq-6p4p","PYSEC-2017-53"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4kd-eh8g-gude"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37926?format=json","vulnerability_id":"VCID-vyc7-kfh2-vbfy","summary":"Multiple CSRF vulnerabilities in Management Interface\nThere are multiple CSRF (cross-site request forgery) vulnerabilities in the ZMI (Zope Management Interface).","references":[{"reference_url":"https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf","reference_id":"CVE-2015-7293;OSVDB-128533;OSVDB-128532","reference_type":"exploit","scores":[],"url":"https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/201816?format=json","purl":"pkg:pypi/products.cmfplone@5.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gd5v-ueah-j7eh"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-mu56-js96-3fdr"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-zg7t-g8m5-nbat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0a1"}],"aliases":["GMS-2015-35"],"risk_score":null,"exploitability":"1.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vyc7-kfh2-vbfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38093?format=json","vulnerability_id":"VCID-zg7t-g8m5-nbat","summary":"Unauthorized disclosure of site content\nA vulnerability that allows attackers to gain information about private site content.","references":[{"reference_url":"https://plone.org/products/plone/security/advisories/20160419-announcement","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20160419-announcement"},{"reference_url":"https://plone.org/security/20160419/unauthorized-disclosure-of-site-content","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/20160419/unauthorized-disclosure-of-site-content"}],"fixed_packages":[],"aliases":["GMS-2016-27"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zg7t-g8m5-nbat"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3a1"}