Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/20792?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "type": "pypi", "namespace": "", "name": "plone", "version": "4.3.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.0.10", "latest_non_vulnerable_version": "6.0.10", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217597?format=api", "vulnerability_id": "VCID-14h5-hnhw-zuc2", "summary": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7315.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7315.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63421", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7315" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791" }, { "reference_url": "https://github.com/advisories/GHSA-984m-rj28-8c6x", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-984m-rj28-8c6x" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml" }, { "reference_url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7315", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7315" }, { "reference_url": "https://plone.org/security/20150910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20150910" }, { "reference_url": "https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members" }, { "reference_url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members" }, { "reference_url": "https://pypi.org/project/Products.PloneHotfix20150910", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Products.PloneHotfix20150910" }, { "reference_url": "https://pypi.python.org/pypi/Products.PloneHotfix20150910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.python.org/pypi/Products.PloneHotfix20150910" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48480?format=api", "purl": "pkg:pypi/plone@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/48636?format=api", "purl": "pkg:pypi/plone@5.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2" } ], "aliases": [ "CVE-2015-7315", "GHSA-984m-rj28-8c6x", "PYSEC-2017-52" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14h5-hnhw-zuc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217525?format=api", "vulnerability_id": "VCID-177r-1ryk-pfbp", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7140.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7140.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7140", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00491", "scoring_system": "epss", "scoring_elements": "0.66058", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7140" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/advisories/GHSA-chvw-gjxf-f8mc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-chvw-gjxf-f8mc" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-63.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-63.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7140", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7140" }, { "reference_url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373466", "reference_id": "1373466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373466" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13148?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/13146?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7140", "GHSA-chvw-gjxf-f8mc", "PYSEC-2017-63" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-177r-1ryk-pfbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217496?format=api", "vulnerability_id": "VCID-1rvm-wt1t-kucb", "summary": "Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53638", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7147" }, { "reference_url": "https://github.com/advisories/GHSA-84jm-cpc5-c7g7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-84jm-cpc5-c7g7" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-64.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-64.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7147", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7147" }, { "reference_url": "https://plone.org/security/hotfix/20170117", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20170117" }, { "reference_url": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2" }, { "reference_url": "https://web.archive.org/web/20170214002551/http://www.securityfocus.com/bid/96117", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170214002551/http://www.securityfocus.com/bid/96117" }, { "reference_url": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html" }, { "reference_url": "http://www.curesec.com/blog/article/blog/Plone-XSS-186.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.curesec.com/blog/article/blog/Plone-XSS-186.html" }, { "reference_url": "http://www.securityfocus.com/bid/96117", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96117" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13148?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/13146?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7147", "GHSA-84jm-cpc5-c7g7", "PYSEC-2017-64" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rvm-wt1t-kucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218089?format=api", "vulnerability_id": "VCID-213v-yc9d-u7dx", "summary": "Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65733", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28734" }, { "reference_url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "reference_url": "https://github.com/advisories/GHSA-wq6x-g685-w5f2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq6x-g685-w5f2" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/3209", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28734", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28734" }, { "reference_url": "https://www.misakikata.com/codes/plone/python-en.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.misakikata.com/codes/plone/python-en.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23898?format=api", "purl": "pkg:pypi/plone@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3" } ], "aliases": [ "CVE-2020-28734", "GHSA-wq6x-g685-w5f2", "PYSEC-2020-246" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-213v-yc9d-u7dx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217640?format=api", "vulnerability_id": "VCID-37gz-3kz2-pyh5", "summary": "A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52554", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000482" }, { "reference_url": "https://github.com/advisories/GHSA-859j-668v-mrr6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-859j-668v-mrr6" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/2232", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/2232" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2233", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2233" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2234", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2234" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2235", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2235" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2236", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2236" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000482" }, { "reference_url": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532485", "reference_id": "1532485", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532485" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14658?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/14660?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000482", "GHSA-859j-668v-mrr6", "PYSEC-2018-71" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37gz-3kz2-pyh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217600?format=api", "vulnerability_id": "VCID-3kbx-xrnj-nyfu", "summary": "Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0051", "scoring_system": "epss", "scoring_elements": "0.66855", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7316" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788" }, { "reference_url": "https://github.com/advisories/GHSA-vf8g-m3vq-6p4p", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vf8g-m3vq-6p4p" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7316" }, { "reference_url": "https://plone.org/security/20150910/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20150910/" }, { "reference_url": "https://plone.org/security/20150910/non-persistent-xss-in-plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20150910/non-persistent-xss-in-plone" }, { "reference_url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone" }, { "reference_url": "https://pypi.org/project/Products.PloneHotfix20150910", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Products.PloneHotfix20150910" }, { "reference_url": "https://pypi.python.org/pypi/Products.PloneHotfix20150910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.python.org/pypi/Products.PloneHotfix20150910" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48480?format=api", "purl": "pkg:pypi/plone@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/48636?format=api", "purl": "pkg:pypi/plone@5.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2" } ], "aliases": [ "CVE-2015-7316", "GHSA-vf8g-m3vq-6p4p", "PYSEC-2017-53" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kbx-xrnj-nyfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/156864?format=api", "vulnerability_id": "VCID-4yk1-dgbv-rubx", "summary": "An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66463", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33926" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33926", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33926" }, { "reference_url": "https://plone.org/security/hotfix/20210518", "reference_id": "20210518", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/" } ], "url": "https://plone.org/security/hotfix/20210518" }, { "reference_url": "https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url", "reference_id": "blind-ssrf-via-feedparser-accessing-an-internal-url", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/" } ], "url": "https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url" }, { "reference_url": "https://github.com/advisories/GHSA-47p5-p3jw-w78w", "reference_id": "GHSA-47p5-p3jw-w78w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47p5-p3jw-w78w" }, { "reference_url": "https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf", "reference_id": "Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/" } ], "url": "https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64644?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-znrm-edqa-nfbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33926", "GHSA-47p5-p3jw-w78w", "PYSEC-2023-289" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yk1-dgbv-rubx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217516?format=api", "vulnerability_id": "VCID-5qmx-515u-dbdq", "summary": "Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7137.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7137.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7137", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00477", "scoring_system": "epss", "scoring_elements": "0.65357", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7137" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/advisories/GHSA-69vh-662j-v988", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-69vh-662j-v988" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-60.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-60.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7137", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7137" }, { "reference_url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone" }, { "reference_url": "https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373440", "reference_id": "1373440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373440" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13148?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/13146?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7137", "GHSA-69vh-662j-v988", "PYSEC-2017-60" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qmx-515u-dbdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217601?format=api", "vulnerability_id": "VCID-7h1m-1f34-5qcs", "summary": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.", "references": [ { "reference_url": "http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt" }, { "reference_url": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56486", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7293" }, { "reference_url": "https://github.com/advisories/GHSA-p3qm-44cf-f8qx", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p3qm-44cf-f8qx" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-51.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-51.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7293", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7293" }, { "reference_url": "https://plone.org/security/hotfix/20151006", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20151006" }, { "reference_url": "https://pypi.python.org/pypi/plone4.csrffixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.python.org/pypi/plone4.csrffixes" }, { "reference_url": "https://www.exploit-db.com/exploits/38411", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/38411" }, { "reference_url": "https://www.exploit-db.com/exploits/38411/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/38411/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38411.txt", "reference_id": "CVE-2015-7293;OSVDB-128533;OSVDB-128532", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38411.txt" }, { "reference_url": "https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf", "reference_id": "CVE-2015-7293;OSVDB-128533;OSVDB-128532", "reference_type": "exploit", "scores": [], "url": "https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48628?format=api", "purl": "pkg:pypi/plone@5.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0a1" } ], "aliases": [ "CVE-2015-7293", "GHSA-p3qm-44cf-f8qx", "PYSEC-2017-51" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7h1m-1f34-5qcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218160?format=api", "vulnerability_id": "VCID-7w2h-6rxu-xqcd", "summary": "Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33507", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52353", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33507" }, { "reference_url": "https://github.com/advisories/GHSA-35rg-466w-77h3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-35rg-466w-77h3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33507", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33507" }, { "reference_url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64644?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-znrm-edqa-nfbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33507", "GHSA-35rg-466w-77h3", "PYSEC-2021-79" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7w2h-6rxu-xqcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217866?format=api", "vulnerability_id": "VCID-8kb4-bxbj-4udw", "summary": "SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7939.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7939.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61448", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7939" }, { "reference_url": "https://github.com/advisories/GHSA-hhmf-7rgg-gcw5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hhmf-7rgg-gcw5" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-88.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-88.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7939", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7939" }, { "reference_url": "https://plone.org/security/hotfix/20200121", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20200121" }, { "reference_url": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/01/24/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798204", "reference_id": "1798204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798204" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56455?format=api", "purl": "pkg:pypi/plone@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2" } ], "aliases": [ "CVE-2020-7939", "GHSA-hhmf-7rgg-gcw5", "PYSEC-2020-88" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8kb4-bxbj-4udw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210426?format=api", "vulnerability_id": "VCID-9qpy-74mb-cfc6", "summary": "Plone XSS in User Fullname Property and File Upload", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63814", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3313" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml" }, { "reference_url": "https://plone.org/download/releases/5.2.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/download/releases/5.2.3" }, { "reference_url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html" }, { "reference_url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname" }, { "reference_url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3313", "reference_id": "CVE-2021-3313", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3313" }, { "reference_url": "https://github.com/advisories/GHSA-hprr-4vfq-fcxw", "reference_id": "GHSA-hprr-4vfq-fcxw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hprr-4vfq-fcxw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23391?format=api", "purl": "pkg:pypi/plone@5.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4" } ], "aliases": [ "CVE-2021-3313", "GHSA-hprr-4vfq-fcxw", "PYSEC-2021-78" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qpy-74mb-cfc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218156?format=api", "vulnerability_id": "VCID-br6e-6exv-ykg6", "summary": "Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.5134", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33511" }, { "reference_url": "https://github.com/advisories/GHSA-gc9g-67cq-p7v4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc9g-67cq-p7v4" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33511", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33511" }, { "reference_url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64644?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-znrm-edqa-nfbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33511", "GHSA-gc9g-67cq-p7v4", "PYSEC-2021-83" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-br6e-6exv-ykg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210631?format=api", "vulnerability_id": "VCID-d874-w13w-qkey", "summary": "Plone XSS Vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54553", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29002" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/3255", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/3255" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-889.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-889.yaml" }, { "reference_url": "https://www.exploit-db.com/exploits/49668", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/49668" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29002", "reference_id": "CVE-2021-29002", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29002" }, { "reference_url": "https://github.com/advisories/GHSA-38g6-x6jv-jwff", "reference_id": "GHSA-38g6-x6jv-jwff", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38g6-x6jv-jwff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23391?format=api", "purl": "pkg:pypi/plone@5.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4" } ], "aliases": [ "CVE-2021-29002", "GHSA-38g6-x6jv-jwff", "PYSEC-2021-889" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d874-w13w-qkey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200674?format=api", "vulnerability_id": "VCID-ezb4-3xtr-h3g6", "summary": "Plone Sandbox Escape", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5524.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40073", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5524" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/1912", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/1912" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20170117/sandbox-escape", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20170117/sandbox-escape" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/18/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2017/01/18/6" }, { "reference_url": "http://www.securityfocus.com/bid/95679", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/95679" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436640", "reference_id": "1436640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436640" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5524", "reference_id": "CVE-2017-5524", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5524" }, { "reference_url": "https://github.com/advisories/GHSA-p5wr-vp8g-q5p4", "reference_id": "GHSA-p5wr-vp8g-q5p4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p5wr-vp8g-q5p4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13148?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/13146?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/13151?format=api", "purl": "pkg:pypi/plone@5.1b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1b1" } ], "aliases": [ "CVE-2017-5524", "GHSA-p5wr-vp8g-q5p4", "PYSEC-2017-81" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezb4-3xtr-h3g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211637?format=api", "vulnerability_id": "VCID-hb8u-3ubs-x7hf", "summary": "Cross-Frame Scripting vulnerability has been found on Plone CMS", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15946", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0669" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0669", "reference_id": "CVE-2024-0669", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0669" }, { "reference_url": "https://github.com/advisories/GHSA-5xfx-55x4-j223", "reference_id": "GHSA-5xfx-55x4-j223", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5xfx-55x4-j223" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/685947?format=api", "purl": "pkg:pypi/plone@6.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-znrm-edqa-nfbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/28441?format=api", "purl": "pkg:pypi/plone@6.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-znrm-edqa-nfbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.7" } ], "aliases": [ "CVE-2024-0669", "GHSA-5xfx-55x4-j223" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hb8u-3ubs-x7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218158?format=api", "vulnerability_id": "VCID-hgwu-kg1s-ffcn", "summary": "Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53951", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33512" }, { "reference_url": "https://github.com/advisories/GHSA-hm2h-f456-6j88", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hm2h-f456-6j88" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33512", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33512" }, { "reference_url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64644?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-znrm-edqa-nfbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33512", "GHSA-hm2h-f456-6j88", "PYSEC-2021-84" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hgwu-kg1s-ffcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209286?format=api", "vulnerability_id": "VCID-jduh-f7z9-3qcc", "summary": "Plone Zope cross-site scripting (XSS) vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73859", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7062" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/467", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/467" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/485", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/485" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-218.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-218.yaml" }, { "reference_url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager" }, { "reference_url": "https://plone.org/security/20131210/zope-xss-in-OFS", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/20131210/zope-xss-in-OFS" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040392", "reference_id": "1040392", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040392" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7062", "reference_id": "CVE-2013-7062", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7062" }, { "reference_url": "https://github.com/advisories/GHSA-4793-w44w-m7xm", "reference_id": "GHSA-4793-w44w-m7xm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4793-w44w-m7xm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46599?format=api", "purl": "pkg:pypi/plone@4.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.3" } ], "aliases": [ "CVE-2013-7062", "GHSA-4793-w44w-m7xm", "PYSEC-2020-218" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jduh-f7z9-3qcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217518?format=api", "vulnerability_id": "VCID-jp3d-8ja2-c3a6", "summary": "Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7138.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00491", "scoring_system": "epss", "scoring_elements": "0.66058", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7138" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/advisories/GHSA-v3hp-f8qr-cf3p", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v3hp-f8qr-cf3p" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-61.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-61.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7138", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7138" }, { "reference_url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1" }, { "reference_url": "https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373442", "reference_id": "1373442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373442" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13148?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/13146?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7138", "GHSA-v3hp-f8qr-cf3p", "PYSEC-2017-61" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jp3d-8ja2-c3a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217421?format=api", "vulnerability_id": "VCID-kcx4-zkp3-xucf", "summary": "Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7060.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.64267", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7060" }, { "reference_url": "https://github.com/advisories/GHSA-rg52-j87w-pf83", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rg52-j87w-pf83" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/blob/b08a45bc12b1bd42411f1130a487a7a242349ea0/Products/CMFPlone/FactoryTool.py#L272-L274" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-65.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-65.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-67.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-67.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7060", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7060" }, { "reference_url": "https://plone.org/security/20131210/path-leak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/20131210/path-leak" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/10/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/12/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040378", "reference_id": "1040378", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46599?format=api", "purl": "pkg:pypi/plone@4.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.3" } ], "aliases": [ "CVE-2013-7060", "GHSA-rg52-j87w-pf83", "PYSEC-2014-65", "PYSEC-2014-67" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcx4-zkp3-xucf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217868?format=api", "vulnerability_id": "VCID-kzvb-7yn4-qbb9", "summary": "Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7940.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7940.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.57112", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7940" }, { "reference_url": "https://github.com/advisories/GHSA-cw58-gpgw-hwx2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cw58-gpgw-hwx2" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7940", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7940" }, { "reference_url": "https://plone.org/security/hotfix/20200121", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20200121" }, { "reference_url": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/01/24/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798203", "reference_id": "1798203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798203" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48627?format=api", "purl": "pkg:pypi/plone@4.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/56444?format=api", "purl": "pkg:pypi/plone@5.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/56454?format=api", "purl": "pkg:pypi/plone@5.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q73-sfre-3ffg" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/56455?format=api", "purl": "pkg:pypi/plone@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2" } ], "aliases": [ "CVE-2020-7940", "GHSA-cw58-gpgw-hwx2", "PYSEC-2020-89" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzvb-7yn4-qbb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218155?format=api", "vulnerability_id": "VCID-mu4f-29hh-dbhp", "summary": "Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00846", "scoring_system": "epss", "scoring_elements": "0.75265", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33509" }, { "reference_url": "https://github.com/advisories/GHSA-hm2p-fhwx-9285", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hm2p-fhwx-9285" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33509", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33509" }, { "reference_url": "https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64644?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-znrm-edqa-nfbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33509", "GHSA-hm2p-fhwx-9285", "PYSEC-2021-81" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mu4f-29hh-dbhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202775?format=api", "vulnerability_id": "VCID-n722-gtzf-gqgd", "summary": "Plone Open Redirect", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000484.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000484.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41545", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000484" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/2232", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/2232" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532487", "reference_id": "1532487", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532487" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000484", "reference_id": "CVE-2017-1000484", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000484" }, { "reference_url": "https://github.com/advisories/GHSA-xvwv-6wvx-px9x", "reference_id": "GHSA-xvwv-6wvx-px9x", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvwv-6wvx-px9x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14658?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/14660?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000484", "GHSA-xvwv-6wvx-px9x", "PYSEC-2018-73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n722-gtzf-gqgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217515?format=api", "vulnerability_id": "VCID-nkez-59zg-8fan", "summary": "Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7139.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7139.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7139", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00491", "scoring_system": "epss", "scoring_elements": "0.66058", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7139" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/advisories/GHSA-pp4c-2692-7f37", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pp4c-2692-7f37" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-62.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-62.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7139", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7139" }, { "reference_url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone" }, { "reference_url": "https://web.archive.org/web/20201207134910/http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207134910/http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373464", "reference_id": "1373464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373464" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13148?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/48491?format=api", "purl": "pkg:pypi/plone@5.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/13146?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7139", "GHSA-pp4c-2692-7f37", "PYSEC-2017-62" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkez-59zg-8fan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217523?format=api", "vulnerability_id": "VCID-nr4g-tdxq-byhh", "summary": "z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7136.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7136.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.66331", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7136" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/advisories/GHSA-22jm-p2vv-j2hc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-22jm-p2vv-j2hc" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-59.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-59.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7136", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7136" }, { "reference_url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms" }, { "reference_url": "https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373437", "reference_id": "1373437", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13148?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/13146?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7136", "GHSA-22jm-p2vv-j2hc", "PYSEC-2017-59" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nr4g-tdxq-byhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217512?format=api", "vulnerability_id": "VCID-nzjx-cckn-dfbc", "summary": "Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62909", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4041" }, { "reference_url": "https://github.com/advisories/GHSA-qqgj-22gr-73vx", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qqgj-22gr-73vx" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4041", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4041" }, { "reference_url": "https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/04/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48483?format=api", "purl": "pkg:pypi/plone@4.3.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/48490?format=api", "purl": "pkg:pypi/plone@5.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/13150?format=api", "purl": "pkg:pypi/plone@5.1a2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2" } ], "aliases": [ "CVE-2016-4041", "GHSA-qqgj-22gr-73vx", "PYSEC-2017-55" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzjx-cckn-dfbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218159?format=api", "vulnerability_id": "VCID-qmqy-eng1-3ka6", "summary": "Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30522", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33510" }, { "reference_url": "https://github.com/advisories/GHSA-4mg4-wvmx-5332", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4mg4-wvmx-5332" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33510", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33510" }, { "reference_url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64644?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-znrm-edqa-nfbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33510", "GHSA-4mg4-wvmx-5332", "PYSEC-2021-82" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmqy-eng1-3ka6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217420?format=api", "vulnerability_id": "VCID-qww5-d5cg-jfb5", "summary": "Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7061.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49554", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7061" }, { "reference_url": "https://github.com/advisories/GHSA-4vr8-r7qr-fpvq", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4vr8-r7qr-fpvq" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/a6a3e50f759da7e7ca46e50777a35e51f4d8ed48", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/a6a3e50f759da7e7ca46e50777a35e51f4d8ed48" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-66.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-66.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-68.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-68.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7061", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7061" }, { "reference_url": "https://plone.org/security/20131210/catalogue-exposure", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/20131210/catalogue-exposure" }, { "reference_url": "https://pypi.org/project/Products.PloneHotfix20131210", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Products.PloneHotfix20131210" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/10/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/12/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040379", "reference_id": "1040379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040379" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46599?format=api", "purl": "pkg:pypi/plone@4.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.3" } ], "aliases": [ "CVE-2013-7061", "GHSA-4vr8-r7qr-fpvq", "PYSEC-2014-66", "PYSEC-2014-68" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qww5-d5cg-jfb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217513?format=api", "vulnerability_id": "VCID-rmp2-rsv7-auds", "summary": "Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4042", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.46003", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4042" }, { "reference_url": "https://github.com/advisories/GHSA-v4vj-49m5-wjhw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v4vj-49m5-wjhw" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4042", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4042" }, { "reference_url": "https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/04/20/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48483?format=api", "purl": "pkg:pypi/plone@4.3.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/48490?format=api", "purl": "pkg:pypi/plone@5.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/13150?format=api", "purl": "pkg:pypi/plone@5.1a2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2" } ], "aliases": [ "CVE-2016-4042", "GHSA-v4vj-49m5-wjhw", "PYSEC-2017-56" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rmp2-rsv7-auds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361676?format=api", "vulnerability_id": "VCID-rxv3-yw68-a3cp", "summary": "User information disclosure\nA vulnerability allows unauthorized disclosure of registered user information.", "references": [ { "reference_url": "https://plone.org/products/plone/security/advisories/20151208-announcement", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/products/plone/security/advisories/20151208-announcement" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48481?format=api", "purl": "pkg:pypi/plone@4.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/48485?format=api", "purl": "pkg:pypi/plone@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.1" } ], "aliases": [ "GMS-2015-51" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxv3-yw68-a3cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218088?format=api", "vulnerability_id": "VCID-t8kn-cm9s-yfgv", "summary": "Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65733", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28736" }, { "reference_url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "reference_url": "https://github.com/advisories/GHSA-2c8c-84w2-j38j", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2c8c-84w2-j38j" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/3209", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28736", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28736" }, { "reference_url": "https://www.misakikata.com/codes/plone/python-en.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.misakikata.com/codes/plone/python-en.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23898?format=api", "purl": "pkg:pypi/plone@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3" } ], "aliases": [ "CVE-2020-28736", "GHSA-2c8c-84w2-j38j", "PYSEC-2020-248" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8kn-cm9s-yfgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217863?format=api", "vulnerability_id": "VCID-tkhq-78vd-aygx", "summary": "An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7936.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7936.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7936", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.57102", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7936" }, { "reference_url": "https://github.com/advisories/GHSA-82j9-wfcf-9v2h", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-82j9-wfcf-9v2h" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7936", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7936" }, { "reference_url": "https://plone.org/security/hotfix/20200121", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20200121" }, { "reference_url": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/01/24/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798205", "reference_id": "1798205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798205" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48627?format=api", "purl": "pkg:pypi/plone@4.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/56444?format=api", "purl": "pkg:pypi/plone@5.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/56455?format=api", "purl": "pkg:pypi/plone@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2" } ], "aliases": [ "CVE-2020-7936", "GHSA-82j9-wfcf-9v2h", "PYSEC-2020-85" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkhq-78vd-aygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217865?format=api", "vulnerability_id": "VCID-ub1u-ev6d-sugd", "summary": "A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7941.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7941.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.70507", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7941" }, { "reference_url": "https://github.com/plone/plone.app.contenttypes", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/plone.app.contenttypes" }, { "reference_url": "https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7941", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7941" }, { "reference_url": "https://plone.org/security/hotfix/20200121", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20200121" }, { "reference_url": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/01/24/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798201", "reference_id": "1798201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798201" }, { "reference_url": "https://github.com/advisories/GHSA-w6g9-xccc-347h", "reference_id": "GHSA-w6g9-xccc-347h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w6g9-xccc-347h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56455?format=api", "purl": "pkg:pypi/plone@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2" } ], "aliases": [ "CVE-2020-7941", "GHSA-w6g9-xccc-347h", "PYSEC-2020-90" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ub1u-ev6d-sugd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218087?format=api", "vulnerability_id": "VCID-utck-uem9-n7a6", "summary": "Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65733", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28735" }, { "reference_url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "reference_url": "https://github.com/advisories/GHSA-x7wf-5mjc-6x76", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x7wf-5mjc-6x76" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/3209", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28735", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28735" }, { "reference_url": "https://www.misakikata.com/codes/plone/python-en.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.misakikata.com/codes/plone/python-en.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23898?format=api", "purl": "pkg:pypi/plone@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3" } ], "aliases": [ "CVE-2020-28735", "GHSA-x7wf-5mjc-6x76", "PYSEC-2020-247" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utck-uem9-n7a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210119?format=api", "vulnerability_id": "VCID-w7wr-p69p-13dw", "summary": "Plone Unauthorized Access Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000483.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000483.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.53121", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000483" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20171128/sandbox-escape", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20171128/sandbox-escape" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532484", "reference_id": "1532484", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532484" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000483", "reference_id": "CVE-2017-1000483", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000483" }, { "reference_url": "https://github.com/advisories/GHSA-qc57-h2f7-p4hx", "reference_id": "GHSA-qc57-h2f7-p4hx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qc57-h2f7-p4hx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14658?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/14660?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000483", "GHSA-qc57-h2f7-p4hx", "PYSEC-2018-72" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7wr-p69p-13dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217517?format=api", "vulnerability_id": "VCID-xzvt-13fh-tubp", "summary": "Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7135.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7135.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72484", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7135" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/80", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "reference_url": "https://github.com/advisories/GHSA-m7f9-65wr-pwch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m7f9-65wr-pwch" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-58.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-58.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7135", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7135" }, { "reference_url": "https://plone.org/security/hotfix/20160830/filesystem-information-leak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20160830/filesystem-information-leak" }, { "reference_url": "https://pypi.org/project/Products.PloneHotfix20160830", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Products.PloneHotfix20160830" }, { "reference_url": "https://web.archive.org/web/20200227230348/http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227230348/http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/09/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "reference_url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/92752", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373397", "reference_id": "1373397", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373397" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13148?format=api", "purl": "pkg:pypi/plone@4.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/13146?format=api", "purl": "pkg:pypi/plone@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-6e71-df37-yyf1" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7" } ], "aliases": [ "CVE-2016-7135", "GHSA-m7f9-65wr-pwch", "PYSEC-2017-58" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xzvt-13fh-tubp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217637?format=api", "vulnerability_id": "VCID-ys36-9r8f-63ab", "summary": "When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41545", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000481" }, { "reference_url": "https://github.com/advisories/GHSA-8g72-gq68-6gqh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8g72-gq68-6gqh" }, { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/2232", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/issues/2232" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2233", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2233" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2234", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2234" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2235", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2235" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2236", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/pull/2236" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000481", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000481" }, { "reference_url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532489", "reference_id": "1532489", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14658?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/14660?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ym8-nhsc-j7hf" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-m1gb-mydp-bbez" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000481", "GHSA-8g72-gq68-6gqh", "PYSEC-2018-70" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ys36-9r8f-63ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218157?format=api", "vulnerability_id": "VCID-z48y-dbfw-ubea", "summary": "Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53951", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33513" }, { "reference_url": "https://github.com/advisories/GHSA-fj67-w3m4-rfmp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fj67-w3m4-rfmp" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33513", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33513" }, { "reference_url": "https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64644?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-znrm-edqa-nfbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33513", "GHSA-fj67-w3m4-rfmp", "PYSEC-2021-85" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z48y-dbfw-ubea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62497?format=api", "vulnerability_id": "VCID-znrm-edqa-nfbe", "summary": "Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68536", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22889" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22889", "reference_id": "CVE-2024-22889", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22889" }, { "reference_url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9", "reference_id": "CVE-2024-22889-Plone-v6.0.9", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:30:42Z/" } ], "url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9" }, { "reference_url": "https://github.com/advisories/GHSA-xg5p-8wg5-rhxm", "reference_id": "GHSA-xg5p-8wg5-rhxm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xg5p-8wg5-rhxm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/702768?format=api", "purl": "pkg:pypi/plone@6.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.10" } ], "aliases": [ "CVE-2024-22889", "GHSA-xg5p-8wg5-rhxm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znrm-edqa-nfbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218161?format=api", "vulnerability_id": "VCID-zny3-fyqj-h7bm", "summary": "Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50962", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33508" }, { "reference_url": "https://github.com/advisories/GHSA-rmpv-rcp6-v8wc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmpv-rcp6-v8wc" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33508", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33508" }, { "reference_url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64644?format=api", "purl": "pkg:pypi/plone@5.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-znrm-edqa-nfbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5" } ], "aliases": [ "CVE-2021-33508", "GHSA-rmpv-rcp6-v8wc", "PYSEC-2021-80" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zny3-fyqj-h7bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218154?format=api", "vulnerability_id": "VCID-zpcq-187m-p3hk", "summary": "Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00943", "scoring_system": "epss", "scoring_elements": "0.76722", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32633" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74512", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32674" }, { "reference_url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633" }, { "reference_url": "https://github.com/advisories/GHSA-5vq5-pg3r-9ph3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vq5-pg3r-9ph3" }, { "reference_url": "https://github.com/advisories/GHSA-962m-m8jw-8wrr", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-962m-m8jw-8wrr" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-104.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-104.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-88.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-88.yaml" }, { "reference_url": "https://github.com/zopefoundation/Zope", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zopefoundation/Zope" }, { "reference_url": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21" }, { "reference_url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91" }, { "reference_url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36" }, { "reference_url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32633", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32633" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32674", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32674" }, { "reference_url": "https://pypi.org/project/Zope", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Zope" }, { "reference_url": "https://pypi.org/project/Zope/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.org/project/Zope/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/21/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "reference_url": "https://github.com/advisories/GHSA-5pr9-v234-jw36", "reference_id": "GHSA-5pr9-v234-jw36", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5pr9-v234-jw36" }, { "reference_url": "https://github.com/advisories/GHSA-rpcg-f9q6-2mq6", "reference_id": "GHSA-rpcg-f9q6-2mq6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rpcg-f9q6-2mq6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48628?format=api", "purl": "pkg:pypi/plone@5.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0a1" } ], "aliases": [ "CVE-2021-32633", "CVE-2021-32674", "GHSA-5pr9-v234-jw36", "GHSA-5vq5-pg3r-9ph3", "GHSA-962m-m8jw-8wrr", "GHSA-rpcg-f9q6-2mq6", "PYSEC-2021-104", "PYSEC-2021-88" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpcq-187m-p3hk" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217406?format=api", "vulnerability_id": "VCID-1e1b-7fkz-rybz", "summary": "traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to \"retrieving information for certain resources.\"", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68875", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4188" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978449", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978449" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-w3pw-qxjj-6prr", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w3pw-qxjj-6prr" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-52.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-52.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4188", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4188" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4188", "GHSA-w3pw-qxjj-6prr", "PYSEC-2014-52" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1e1b-7fkz-rybz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217412?format=api", "vulnerability_id": "VCID-afnm-51yp-4bhc", "summary": "zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54518", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978453", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978453" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-grwx-4p5v-9g2g", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-grwx-4p5v-9g2g" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-55.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-55.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4191", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4191" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4191", "GHSA-grwx-4p5v-9g2g", "PYSEC-2014-55" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afnm-51yp-4bhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217408?format=api", "vulnerability_id": "VCID-cfen-6xpt-rqa3", "summary": "The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55373", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4194" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978470", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978470" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-mm32-jw73-9227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mm32-jw73-9227" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4194", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4194" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4194", "GHSA-mm32-jw73-9227", "PYSEC-2014-58" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfen-6xpt-rqa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217413?format=api", "vulnerability_id": "VCID-dur5-cy82-1kex", "summary": "Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52297", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4195" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-j67j-8hrp-76xm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j67j-8hrp-76xm" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4195", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4195" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4195", "GHSA-j67j-8hrp-76xm", "PYSEC-2014-59" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dur5-cy82-1kex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217409?format=api", "vulnerability_id": "VCID-dwph-zncb-fkhv", "summary": "sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44468", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4192" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978464", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978464" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-f5h9-3hpf-9j8m", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f5h9-3hpf-9j8m" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-56.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-56.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4192", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4192" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4192", "GHSA-f5h9-3hpf-9j8m", "PYSEC-2014-56" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwph-zncb-fkhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209286?format=api", "vulnerability_id": "VCID-jduh-f7z9-3qcc", "summary": "Plone Zope cross-site scripting (XSS) vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73859", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7062" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/467", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/467" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/485", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/485" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-218.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-218.yaml" }, { "reference_url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager" }, { "reference_url": "https://plone.org/security/20131210/zope-xss-in-OFS", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/20131210/zope-xss-in-OFS" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040392", "reference_id": "1040392", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040392" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7062", "reference_id": "CVE-2013-7062", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7062" }, { "reference_url": "https://github.com/advisories/GHSA-4793-w44w-m7xm", "reference_id": "GHSA-4793-w44w-m7xm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4793-w44w-m7xm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13281?format=api", "purl": "pkg:pypi/plone@3.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1e1b-7fkz-rybz" }, { "vulnerability": "VCID-1j4m-pw7f-augk" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-21n8-a2su-nbbd" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-7zku-wweg-xua6" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-afnm-51yp-4bhc" }, { "vulnerability": "VCID-asdu-my4z-4kct" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-cfen-6xpt-rqa3" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-dur5-cy82-1kex" }, { "vulnerability": "VCID-dwph-zncb-fkhv" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kmz7-9j1z-6fdp" }, { "vulnerability": "VCID-m758-7mkw-g7ac" }, { "vulnerability": "VCID-m7pv-me1q-6kh7" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nedk-vykq-xfda" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rdn1-sepc-xbdm" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-su9w-erpw-mqc3" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-uty1-5bvq-ffda" }, { "vulnerability": "VCID-vym8-d8sa-bye2" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-wxz6-ka2n-jbdz" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" }, { "vulnerability": "VCID-zpsw-2yqh-dqb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/45251?format=api", "purl": "pkg:pypi/plone@4.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1e1b-7fkz-rybz" }, { "vulnerability": "VCID-1j4m-pw7f-augk" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-21n8-a2su-nbbd" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-7zku-wweg-xua6" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-afnm-51yp-4bhc" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-cfen-6xpt-rqa3" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-dur5-cy82-1kex" }, { "vulnerability": "VCID-dwph-zncb-fkhv" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kmz7-9j1z-6fdp" }, { "vulnerability": "VCID-m758-7mkw-g7ac" }, { "vulnerability": "VCID-m7pv-me1q-6kh7" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nedk-vykq-xfda" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rdn1-sepc-xbdm" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-su9w-erpw-mqc3" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-uty1-5bvq-ffda" }, { "vulnerability": "VCID-vym8-d8sa-bye2" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-wxz6-ka2n-jbdz" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" }, { "vulnerability": "VCID-zpsw-2yqh-dqb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20794?format=api", "purl": "pkg:pypi/plone@4.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1e1b-7fkz-rybz" }, { "vulnerability": "VCID-1j4m-pw7f-augk" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-21n8-a2su-nbbd" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-afnm-51yp-4bhc" }, { "vulnerability": "VCID-bdam-dhg3-5kap" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-cfen-6xpt-rqa3" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-dur5-cy82-1kex" }, { "vulnerability": "VCID-dwph-zncb-fkhv" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kmz7-9j1z-6fdp" }, { "vulnerability": "VCID-m7pv-me1q-6kh7" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nedk-vykq-xfda" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rdn1-sepc-xbdm" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-su9w-erpw-mqc3" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-uty1-5bvq-ffda" }, { "vulnerability": "VCID-vym8-d8sa-bye2" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-wxz6-ka2n-jbdz" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" }, { "vulnerability": "VCID-zpsw-2yqh-dqb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/45287?format=api", "purl": "pkg:pypi/plone@4.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1e1b-7fkz-rybz" }, { "vulnerability": "VCID-1j4m-pw7f-augk" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-21n8-a2su-nbbd" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-afnm-51yp-4bhc" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-cfen-6xpt-rqa3" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-dur5-cy82-1kex" }, { "vulnerability": "VCID-dwph-zncb-fkhv" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kmz7-9j1z-6fdp" }, { "vulnerability": "VCID-m7pv-me1q-6kh7" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nedk-vykq-xfda" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rdn1-sepc-xbdm" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-su9w-erpw-mqc3" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-uty1-5bvq-ffda" }, { "vulnerability": "VCID-vym8-d8sa-bye2" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-wxz6-ka2n-jbdz" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" }, { "vulnerability": "VCID-zpsw-2yqh-dqb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/20796?format=api", "purl": "pkg:pypi/plone@4.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/46590?format=api", "purl": "pkg:pypi/plone@4.2a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-bdam-dhg3-5kap" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13256?format=api", "purl": "pkg:pypi/plone@4.3a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/46599?format=api", "purl": "pkg:pypi/plone@4.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.3" } ], "aliases": [ "CVE-2013-7062", "GHSA-4793-w44w-m7xm", "PYSEC-2020-218" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jduh-f7z9-3qcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217415?format=api", "vulnerability_id": "VCID-kmz7-9j1z-6fdp", "summary": "member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.66339", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978478", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978478" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-jjvw-3h9j-p7jf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jjvw-3h9j-p7jf" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-61.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-61.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4197", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4197" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4197", "GHSA-jjvw-3h9j-p7jf", "PYSEC-2014-61" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kmz7-9j1z-6fdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217411?format=api", "vulnerability_id": "VCID-m7pv-me1q-6kh7", "summary": "mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54183", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4198" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978480", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978480" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-qjxf-6pr8-j87v", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qjxf-6pr8-j87v" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-62.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-62.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4198", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4198" }, { "reference_url": "https://pypi.org/project/Products.PloneHotfix20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Products.PloneHotfix20130618" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4198", "GHSA-qjxf-6pr8-j87v", "PYSEC-2014-62" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7pv-me1q-6kh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217407?format=api", "vulnerability_id": "VCID-nedk-vykq-xfda", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49253", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4190" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978451", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978451" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-89rq-27xp-vgv7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-89rq-27xp-vgv7" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-54.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-54.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4190", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4190", "GHSA-89rq-27xp-vgv7", "PYSEC-2014-54" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nedk-vykq-xfda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217405?format=api", "vulnerability_id": "VCID-rdn1-sepc-xbdm", "summary": "(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65549", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4199" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978482", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978482" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-xfjq-9rxq-ph6m", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xfjq-9rxq-ph6m" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4199", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4199" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4199", "GHSA-xfjq-9rxq-ph6m", "PYSEC-2014-63" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdn1-sepc-xbdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217410?format=api", "vulnerability_id": "VCID-su9w-erpw-mqc3", "summary": "Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.66339", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4189" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978450", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978450" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-pwpq-632g-h49g", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pwpq-632g-h49g" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-53.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-53.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4189", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4189" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4189", "GHSA-pwpq-632g-h49g", "PYSEC-2014-53" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-su9w-erpw-mqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217402?format=api", "vulnerability_id": "VCID-uty1-5bvq-ffda", "summary": "The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the \"next\" parameter to acl_users/credentials_cookie_auth/require_login.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05344", "scoring_system": "epss", "scoring_elements": "0.90278", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4200" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200" }, { "reference_url": "https://github.com/advisories/GHSA-56p3-rrp4-2j82", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-56p3-rrp4-2j82" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4200", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4200" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/08/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/08/01/2" }, { "reference_url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38738.txt", "reference_id": "CVE-2013-4200;OSVDB-95863", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38738.txt" }, { "reference_url": "https://www.securityfocus.com/bid/61964/info", "reference_id": "CVE-2013-4200;OSVDB-95863", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/61964/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4200", "GHSA-56p3-rrp4-2j82", "PYSEC-2014-64" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uty1-5bvq-ffda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217414?format=api", "vulnerability_id": "VCID-wxz6-ka2n-jbdz", "summary": "The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55373", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978475", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978475" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-qphh-5fv5-2mjj", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qphh-5fv5-2mjj" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4196", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4196" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4196", "GHSA-qphh-5fv5-2mjj", "PYSEC-2014-60" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxz6-ka2n-jbdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217404?format=api", "vulnerability_id": "VCID-zpsw-2yqh-dqb8", "summary": "typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54518", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4193" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978469", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978469" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/advisories/GHSA-6fgf-x7wg-hp8r", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6fgf-x7wg-hp8r" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-57.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-57.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4193", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4193" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13251?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-17pb-bgga-8ygp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-2ped-pk9p-5be3" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-3rsq-dq49-uyfg" }, { "vulnerability": "VCID-3ufm-n2ku-8uax" }, { "vulnerability": "VCID-4qbd-mwc7-7kdw" }, { "vulnerability": "VCID-4r5c-efmk-8feu" }, { "vulnerability": "VCID-556h-c8hm-6qfc" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-6xwh-jvge-fkf9" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-fpv9-t5ew-aqe2" }, { "vulnerability": "VCID-fxx5-msd8-1fh8" }, { "vulnerability": "VCID-fz81-dgb8-27gh" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-m98v-y63a-1yfr" }, { "vulnerability": "VCID-mqru-hkfz-xkan" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-p3mr-uajx-k7gg" }, { "vulnerability": "VCID-pbhm-ufh6-cufd" }, { "vulnerability": "VCID-pv6u-hm6u-hbc1" }, { "vulnerability": "VCID-q5np-v195-tkbz" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rqej-4883-q3ee" }, { "vulnerability": "VCID-rsqs-u4ct-gbar" }, { "vulnerability": "VCID-rx3j-xjyn-6qbj" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-tw7a-kck8-83dq" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-wxg7-n2p4-ayhw" }, { "vulnerability": "VCID-xpdr-51cb-yudn" }, { "vulnerability": "VCID-xsyw-pfvg-4qfm" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-ys4v-vwrn-4fa7" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46299?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20792?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14h5-hnhw-zuc2" }, { "vulnerability": "VCID-177r-1ryk-pfbp" }, { "vulnerability": "VCID-1rvm-wt1t-kucb" }, { "vulnerability": "VCID-213v-yc9d-u7dx" }, { "vulnerability": "VCID-37gz-3kz2-pyh5" }, { "vulnerability": "VCID-3kbx-xrnj-nyfu" }, { "vulnerability": "VCID-4yk1-dgbv-rubx" }, { "vulnerability": "VCID-5qmx-515u-dbdq" }, { "vulnerability": "VCID-7h1m-1f34-5qcs" }, { "vulnerability": "VCID-7w2h-6rxu-xqcd" }, { "vulnerability": "VCID-8kb4-bxbj-4udw" }, { "vulnerability": "VCID-9qpy-74mb-cfc6" }, { "vulnerability": "VCID-br6e-6exv-ykg6" }, { "vulnerability": "VCID-d874-w13w-qkey" }, { "vulnerability": "VCID-ezb4-3xtr-h3g6" }, { "vulnerability": "VCID-hb8u-3ubs-x7hf" }, { "vulnerability": "VCID-hgwu-kg1s-ffcn" }, { "vulnerability": "VCID-jduh-f7z9-3qcc" }, { "vulnerability": "VCID-jp3d-8ja2-c3a6" }, { "vulnerability": "VCID-kcx4-zkp3-xucf" }, { "vulnerability": "VCID-kzvb-7yn4-qbb9" }, { "vulnerability": "VCID-mu4f-29hh-dbhp" }, { "vulnerability": "VCID-n722-gtzf-gqgd" }, { "vulnerability": "VCID-nkez-59zg-8fan" }, { "vulnerability": "VCID-nr4g-tdxq-byhh" }, { "vulnerability": "VCID-nzjx-cckn-dfbc" }, { "vulnerability": "VCID-qmqy-eng1-3ka6" }, { "vulnerability": "VCID-qww5-d5cg-jfb5" }, { "vulnerability": "VCID-rmp2-rsv7-auds" }, { "vulnerability": "VCID-rxv3-yw68-a3cp" }, { "vulnerability": "VCID-t8kn-cm9s-yfgv" }, { "vulnerability": "VCID-tkhq-78vd-aygx" }, { "vulnerability": "VCID-ub1u-ev6d-sugd" }, { "vulnerability": "VCID-utck-uem9-n7a6" }, { "vulnerability": "VCID-w7wr-p69p-13dw" }, { "vulnerability": "VCID-xzvt-13fh-tubp" }, { "vulnerability": "VCID-ys36-9r8f-63ab" }, { "vulnerability": "VCID-z48y-dbfw-ubea" }, { "vulnerability": "VCID-znrm-edqa-nfbe" }, { "vulnerability": "VCID-zny3-fyqj-h7bm" }, { "vulnerability": "VCID-zpcq-187m-p3hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4193", "GHSA-6fgf-x7wg-hp8r", "PYSEC-2014-57" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpsw-2yqh-dqb8" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" }