Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/plone@4.3.9
Type pypi
Namespace
Name plone
Version 4.3.9
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.0.10
Latest_non_vulnerable_version 6.0.10
Affected_by_vulnerabilities
0
url VCID-177r-1ryk-pfbp
vulnerability_id VCID-177r-1ryk-pfbp
summary Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7140.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7140.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7140
reference_id
reference_type
scores
0
value 0.00491
scoring_system epss
scoring_elements 0.66058
published_at 2026-06-11T12:55:00Z
1
value 0.00491
scoring_system epss
scoring_elements 0.66153
published_at 2026-06-12T12:55:00Z
2
value 0.00491
scoring_system epss
scoring_elements 0.66167
published_at 2026-06-13T12:55:00Z
3
value 0.00491
scoring_system epss
scoring_elements 0.66164
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7140
3
reference_url http://seclists.org/fulldisclosure/2016/Oct/80
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2016/Oct/80
4
reference_url https://github.com/advisories/GHSA-chvw-gjxf-f8mc
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chvw-gjxf-f8mc
5
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-63.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-63.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7140
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7140
8
reference_url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2
9
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/4
10
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/5
11
reference_url http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/539572/100/0/threaded
12
reference_url http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92752
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1373466
reference_id 1373466
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1373466
fixed_packages
0
url pkg:pypi/plone@4.3.12
purl pkg:pypi/plone@4.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7h1m-1f34-5qcs
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-hb8u-3ubs-x7hf
10
vulnerability VCID-hgwu-kg1s-ffcn
11
vulnerability VCID-kzvb-7yn4-qbb9
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-n722-gtzf-gqgd
14
vulnerability VCID-nzjx-cckn-dfbc
15
vulnerability VCID-qmqy-eng1-3ka6
16
vulnerability VCID-rmp2-rsv7-auds
17
vulnerability VCID-t8kn-cm9s-yfgv
18
vulnerability VCID-tkhq-78vd-aygx
19
vulnerability VCID-ub1u-ev6d-sugd
20
vulnerability VCID-utck-uem9-n7a6
21
vulnerability VCID-w7wr-p69p-13dw
22
vulnerability VCID-ys36-9r8f-63ab
23
vulnerability VCID-z48y-dbfw-ubea
24
vulnerability VCID-znrm-edqa-nfbe
25
vulnerability VCID-zny3-fyqj-h7bm
26
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12
1
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-6e71-df37-yyf1
5
vulnerability VCID-7w2h-6rxu-xqcd
6
vulnerability VCID-8kb4-bxbj-4udw
7
vulnerability VCID-9qpy-74mb-cfc6
8
vulnerability VCID-br6e-6exv-ykg6
9
vulnerability VCID-d874-w13w-qkey
10
vulnerability VCID-hb8u-3ubs-x7hf
11
vulnerability VCID-hgwu-kg1s-ffcn
12
vulnerability VCID-kzvb-7yn4-qbb9
13
vulnerability VCID-m1gb-mydp-bbez
14
vulnerability VCID-mu4f-29hh-dbhp
15
vulnerability VCID-n722-gtzf-gqgd
16
vulnerability VCID-nzjx-cckn-dfbc
17
vulnerability VCID-qmqy-eng1-3ka6
18
vulnerability VCID-rmp2-rsv7-auds
19
vulnerability VCID-t8kn-cm9s-yfgv
20
vulnerability VCID-tkhq-78vd-aygx
21
vulnerability VCID-ub1u-ev6d-sugd
22
vulnerability VCID-utck-uem9-n7a6
23
vulnerability VCID-w7wr-p69p-13dw
24
vulnerability VCID-ys36-9r8f-63ab
25
vulnerability VCID-z48y-dbfw-ubea
26
vulnerability VCID-znrm-edqa-nfbe
27
vulnerability VCID-zny3-fyqj-h7bm
28
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
aliases CVE-2016-7140, GHSA-chvw-gjxf-f8mc, PYSEC-2017-63
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-177r-1ryk-pfbp
1
url VCID-1rvm-wt1t-kucb
vulnerability_id VCID-1rvm-wt1t-kucb
summary Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7147
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53638
published_at 2026-06-11T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53764
published_at 2026-06-12T12:55:00Z
2
value 0.00299
scoring_system epss
scoring_elements 0.53781
published_at 2026-06-13T12:55:00Z
3
value 0.00299
scoring_system epss
scoring_elements 0.53765
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7147
1
reference_url https://github.com/advisories/GHSA-84jm-cpc5-c7g7
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-84jm-cpc5-c7g7
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-64.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-64.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7147
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7147
5
reference_url https://plone.org/security/hotfix/20170117
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20170117
6
reference_url https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2
7
reference_url https://web.archive.org/web/20170214002551/http://www.securityfocus.com/bid/96117
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170214002551/http://www.securityfocus.com/bid/96117
8
reference_url https://www.curesec.com/blog/article/blog/Plone-XSS-186.html
reference_id
reference_type
scores
url https://www.curesec.com/blog/article/blog/Plone-XSS-186.html
9
reference_url http://www.curesec.com/blog/article/blog/Plone-XSS-186.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.curesec.com/blog/article/blog/Plone-XSS-186.html
10
reference_url http://www.securityfocus.com/bid/96117
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96117
fixed_packages
0
url pkg:pypi/plone@4.3.12
purl pkg:pypi/plone@4.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7h1m-1f34-5qcs
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-hb8u-3ubs-x7hf
10
vulnerability VCID-hgwu-kg1s-ffcn
11
vulnerability VCID-kzvb-7yn4-qbb9
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-n722-gtzf-gqgd
14
vulnerability VCID-nzjx-cckn-dfbc
15
vulnerability VCID-qmqy-eng1-3ka6
16
vulnerability VCID-rmp2-rsv7-auds
17
vulnerability VCID-t8kn-cm9s-yfgv
18
vulnerability VCID-tkhq-78vd-aygx
19
vulnerability VCID-ub1u-ev6d-sugd
20
vulnerability VCID-utck-uem9-n7a6
21
vulnerability VCID-w7wr-p69p-13dw
22
vulnerability VCID-ys36-9r8f-63ab
23
vulnerability VCID-z48y-dbfw-ubea
24
vulnerability VCID-znrm-edqa-nfbe
25
vulnerability VCID-zny3-fyqj-h7bm
26
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12
1
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-6e71-df37-yyf1
5
vulnerability VCID-7w2h-6rxu-xqcd
6
vulnerability VCID-8kb4-bxbj-4udw
7
vulnerability VCID-9qpy-74mb-cfc6
8
vulnerability VCID-br6e-6exv-ykg6
9
vulnerability VCID-d874-w13w-qkey
10
vulnerability VCID-hb8u-3ubs-x7hf
11
vulnerability VCID-hgwu-kg1s-ffcn
12
vulnerability VCID-kzvb-7yn4-qbb9
13
vulnerability VCID-m1gb-mydp-bbez
14
vulnerability VCID-mu4f-29hh-dbhp
15
vulnerability VCID-n722-gtzf-gqgd
16
vulnerability VCID-nzjx-cckn-dfbc
17
vulnerability VCID-qmqy-eng1-3ka6
18
vulnerability VCID-rmp2-rsv7-auds
19
vulnerability VCID-t8kn-cm9s-yfgv
20
vulnerability VCID-tkhq-78vd-aygx
21
vulnerability VCID-ub1u-ev6d-sugd
22
vulnerability VCID-utck-uem9-n7a6
23
vulnerability VCID-w7wr-p69p-13dw
24
vulnerability VCID-ys36-9r8f-63ab
25
vulnerability VCID-z48y-dbfw-ubea
26
vulnerability VCID-znrm-edqa-nfbe
27
vulnerability VCID-zny3-fyqj-h7bm
28
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
aliases CVE-2016-7147, GHSA-84jm-cpc5-c7g7, PYSEC-2017-64
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rvm-wt1t-kucb
2
url VCID-213v-yc9d-u7dx
vulnerability_id VCID-213v-yc9d-u7dx
summary Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28734
reference_id
reference_type
scores
0
value 0.00484
scoring_system epss
scoring_elements 0.65733
published_at 2026-06-11T12:55:00Z
1
value 0.00484
scoring_system epss
scoring_elements 0.6583
published_at 2026-06-12T12:55:00Z
2
value 0.00484
scoring_system epss
scoring_elements 0.65844
published_at 2026-06-13T12:55:00Z
3
value 0.00484
scoring_system epss
scoring_elements 0.6584
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28734
1
reference_url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
2
reference_url https://github.com/advisories/GHSA-wq6x-g685-w5f2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-wq6x-g685-w5f2
3
reference_url https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/3209
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28734
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28734
6
reference_url https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.misakikata.com/codes/plone/python-en.html
fixed_packages
0
url pkg:pypi/plone@5.2.3
purl pkg:pypi/plone@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ym8-nhsc-j7hf
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7w2h-6rxu-xqcd
3
vulnerability VCID-9qpy-74mb-cfc6
4
vulnerability VCID-br6e-6exv-ykg6
5
vulnerability VCID-d874-w13w-qkey
6
vulnerability VCID-hb8u-3ubs-x7hf
7
vulnerability VCID-hgwu-kg1s-ffcn
8
vulnerability VCID-mu4f-29hh-dbhp
9
vulnerability VCID-qmqy-eng1-3ka6
10
vulnerability VCID-z48y-dbfw-ubea
11
vulnerability VCID-znrm-edqa-nfbe
12
vulnerability VCID-zny3-fyqj-h7bm
13
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3
aliases CVE-2020-28734, GHSA-wq6x-g685-w5f2, PYSEC-2020-246
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-213v-yc9d-u7dx
3
url VCID-37gz-3kz2-pyh5
vulnerability_id VCID-37gz-3kz2-pyh5
summary A member of the Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000482
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52683
published_at 2026-06-12T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52554
published_at 2026-06-11T12:55:00Z
2
value 0.00287
scoring_system epss
scoring_elements 0.52679
published_at 2026-06-14T12:55:00Z
3
value 0.00287
scoring_system epss
scoring_elements 0.52697
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000482
2
reference_url https://github.com/advisories/GHSA-859j-668v-mrr6
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-859j-668v-mrr6
3
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
4
reference_url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
5
reference_url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
6
reference_url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
7
reference_url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
8
reference_url https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/2232
9
reference_url https://github.com/plone/Products.CMFPlone/pull/2233
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2233
10
reference_url https://github.com/plone/Products.CMFPlone/pull/2234
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2234
11
reference_url https://github.com/plone/Products.CMFPlone/pull/2235
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2235
12
reference_url https://github.com/plone/Products.CMFPlone/pull/2236
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2236
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000482
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000482
15
reference_url https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1532485
reference_id 1532485
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1532485
fixed_packages
0
url pkg:pypi/plone@4.3.16
purl pkg:pypi/plone@4.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7h1m-1f34-5qcs
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-mu4f-29hh-dbhp
12
vulnerability VCID-n722-gtzf-gqgd
13
vulnerability VCID-nzjx-cckn-dfbc
14
vulnerability VCID-qmqy-eng1-3ka6
15
vulnerability VCID-rmp2-rsv7-auds
16
vulnerability VCID-t8kn-cm9s-yfgv
17
vulnerability VCID-tkhq-78vd-aygx
18
vulnerability VCID-ub1u-ev6d-sugd
19
vulnerability VCID-utck-uem9-n7a6
20
vulnerability VCID-z48y-dbfw-ubea
21
vulnerability VCID-znrm-edqa-nfbe
22
vulnerability VCID-zny3-fyqj-h7bm
23
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16
1
url pkg:pypi/plone@5.1.0
purl pkg:pypi/plone@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-m1gb-mydp-bbez
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-qmqy-eng1-3ka6
14
vulnerability VCID-t8kn-cm9s-yfgv
15
vulnerability VCID-tkhq-78vd-aygx
16
vulnerability VCID-ub1u-ev6d-sugd
17
vulnerability VCID-utck-uem9-n7a6
18
vulnerability VCID-z48y-dbfw-ubea
19
vulnerability VCID-znrm-edqa-nfbe
20
vulnerability VCID-zny3-fyqj-h7bm
21
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0
aliases CVE-2017-1000482, GHSA-859j-668v-mrr6, PYSEC-2018-71
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37gz-3kz2-pyh5
4
url VCID-4yk1-dgbv-rubx
vulnerability_id VCID-4yk1-dgbv-rubx
summary An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1, 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows an attacker to access sensitive information via the RSS feed portlet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33926
reference_id
reference_type
scores
0
value 0.00501
scoring_system epss
scoring_elements 0.66463
published_at 2026-06-11T12:55:00Z
1
value 0.00501
scoring_system epss
scoring_elements 0.66568
published_at 2026-06-14T12:55:00Z
2
value 0.00501
scoring_system epss
scoring_elements 0.6657
published_at 2026-06-13T12:55:00Z
3
value 0.00501
scoring_system epss
scoring_elements 0.66556
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33926
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33926
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33926
4
reference_url https://plone.org/security/hotfix/20210518
reference_id 20210518
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/
url https://plone.org/security/hotfix/20210518
5
reference_url https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
reference_id blind-ssrf-via-feedparser-accessing-an-internal-url
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/
url https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
6
reference_url https://github.com/advisories/GHSA-47p5-p3jw-w78w
reference_id GHSA-47p5-p3jw-w78w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47p5-p3jw-w78w
7
reference_url https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
reference_id Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/
url https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hb8u-3ubs-x7hf
1
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33926, GHSA-47p5-p3jw-w78w, PYSEC-2023-289
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4yk1-dgbv-rubx
5
url VCID-5qmx-515u-dbdq
vulnerability_id VCID-5qmx-515u-dbdq
summary Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.
references
0
reference_url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7137.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7137.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7137
reference_id
reference_type
scores
0
value 0.00477
scoring_system epss
scoring_elements 0.65466
published_at 2026-06-14T12:55:00Z
1
value 0.00477
scoring_system epss
scoring_elements 0.65357
published_at 2026-06-11T12:55:00Z
2
value 0.00477
scoring_system epss
scoring_elements 0.65457
published_at 2026-06-12T12:55:00Z
3
value 0.00477
scoring_system epss
scoring_elements 0.65468
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7137
3
reference_url http://seclists.org/fulldisclosure/2016/Oct/80
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2016/Oct/80
4
reference_url https://github.com/advisories/GHSA-69vh-662j-v988
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-69vh-662j-v988
5
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-60.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-60.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7137
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7137
8
reference_url https://plone.org/security/hotfix/20160830/open-redirection-in-plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20160830/open-redirection-in-plone
9
reference_url https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
10
reference_url https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
11
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/4
12
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/5
13
reference_url http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/539572/100/0/threaded
14
reference_url http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/92752
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1373440
reference_id 1373440
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1373440
fixed_packages
0
url pkg:pypi/plone@4.3.12
purl pkg:pypi/plone@4.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7h1m-1f34-5qcs
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-hb8u-3ubs-x7hf
10
vulnerability VCID-hgwu-kg1s-ffcn
11
vulnerability VCID-kzvb-7yn4-qbb9
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-n722-gtzf-gqgd
14
vulnerability VCID-nzjx-cckn-dfbc
15
vulnerability VCID-qmqy-eng1-3ka6
16
vulnerability VCID-rmp2-rsv7-auds
17
vulnerability VCID-t8kn-cm9s-yfgv
18
vulnerability VCID-tkhq-78vd-aygx
19
vulnerability VCID-ub1u-ev6d-sugd
20
vulnerability VCID-utck-uem9-n7a6
21
vulnerability VCID-w7wr-p69p-13dw
22
vulnerability VCID-ys36-9r8f-63ab
23
vulnerability VCID-z48y-dbfw-ubea
24
vulnerability VCID-znrm-edqa-nfbe
25
vulnerability VCID-zny3-fyqj-h7bm
26
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12
1
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-6e71-df37-yyf1
5
vulnerability VCID-7w2h-6rxu-xqcd
6
vulnerability VCID-8kb4-bxbj-4udw
7
vulnerability VCID-9qpy-74mb-cfc6
8
vulnerability VCID-br6e-6exv-ykg6
9
vulnerability VCID-d874-w13w-qkey
10
vulnerability VCID-hb8u-3ubs-x7hf
11
vulnerability VCID-hgwu-kg1s-ffcn
12
vulnerability VCID-kzvb-7yn4-qbb9
13
vulnerability VCID-m1gb-mydp-bbez
14
vulnerability VCID-mu4f-29hh-dbhp
15
vulnerability VCID-n722-gtzf-gqgd
16
vulnerability VCID-nzjx-cckn-dfbc
17
vulnerability VCID-qmqy-eng1-3ka6
18
vulnerability VCID-rmp2-rsv7-auds
19
vulnerability VCID-t8kn-cm9s-yfgv
20
vulnerability VCID-tkhq-78vd-aygx
21
vulnerability VCID-ub1u-ev6d-sugd
22
vulnerability VCID-utck-uem9-n7a6
23
vulnerability VCID-w7wr-p69p-13dw
24
vulnerability VCID-ys36-9r8f-63ab
25
vulnerability VCID-z48y-dbfw-ubea
26
vulnerability VCID-znrm-edqa-nfbe
27
vulnerability VCID-zny3-fyqj-h7bm
28
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
aliases CVE-2016-7137, GHSA-69vh-662j-v988, PYSEC-2017-60
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qmx-515u-dbdq
6
url VCID-7h1m-1f34-5qcs
vulnerability_id VCID-7h1m-1f34-5qcs
summary Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
references
0
reference_url http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt
1
reference_url http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7293
reference_id
reference_type
scores
0
value 0.00332
scoring_system epss
scoring_elements 0.56486
published_at 2026-06-11T12:55:00Z
1
value 0.00332
scoring_system epss
scoring_elements 0.56605
published_at 2026-06-12T12:55:00Z
2
value 0.00332
scoring_system epss
scoring_elements 0.56619
published_at 2026-06-13T12:55:00Z
3
value 0.00332
scoring_system epss
scoring_elements 0.56608
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7293
3
reference_url https://github.com/advisories/GHSA-p3qm-44cf-f8qx
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p3qm-44cf-f8qx
4
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-51.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-51.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7293
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7293
7
reference_url https://plone.org/security/hotfix/20151006
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20151006
8
reference_url https://pypi.python.org/pypi/plone4.csrffixes
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.python.org/pypi/plone4.csrffixes
9
reference_url https://www.exploit-db.com/exploits/38411
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/38411
10
reference_url https://www.exploit-db.com/exploits/38411/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/38411/
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38411.txt
reference_id CVE-2015-7293;OSVDB-128533;OSVDB-128532
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38411.txt
12
reference_url https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf
reference_id CVE-2015-7293;OSVDB-128533;OSVDB-128532
reference_type exploit
scores
url https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf
fixed_packages
0
url pkg:pypi/plone@5.0a1
purl pkg:pypi/plone@5.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14h5-hnhw-zuc2
1
vulnerability VCID-177r-1ryk-pfbp
2
vulnerability VCID-213v-yc9d-u7dx
3
vulnerability VCID-37gz-3kz2-pyh5
4
vulnerability VCID-3kbx-xrnj-nyfu
5
vulnerability VCID-4yk1-dgbv-rubx
6
vulnerability VCID-7w2h-6rxu-xqcd
7
vulnerability VCID-8kb4-bxbj-4udw
8
vulnerability VCID-9qpy-74mb-cfc6
9
vulnerability VCID-br6e-6exv-ykg6
10
vulnerability VCID-d874-w13w-qkey
11
vulnerability VCID-ezb4-3xtr-h3g6
12
vulnerability VCID-hb8u-3ubs-x7hf
13
vulnerability VCID-hgwu-kg1s-ffcn
14
vulnerability VCID-kzvb-7yn4-qbb9
15
vulnerability VCID-mu4f-29hh-dbhp
16
vulnerability VCID-n722-gtzf-gqgd
17
vulnerability VCID-nzjx-cckn-dfbc
18
vulnerability VCID-qmqy-eng1-3ka6
19
vulnerability VCID-rmp2-rsv7-auds
20
vulnerability VCID-rxv3-yw68-a3cp
21
vulnerability VCID-t8kn-cm9s-yfgv
22
vulnerability VCID-tkhq-78vd-aygx
23
vulnerability VCID-ub1u-ev6d-sugd
24
vulnerability VCID-utck-uem9-n7a6
25
vulnerability VCID-z48y-dbfw-ubea
26
vulnerability VCID-znrm-edqa-nfbe
27
vulnerability VCID-zny3-fyqj-h7bm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0a1
aliases CVE-2015-7293, GHSA-p3qm-44cf-f8qx, PYSEC-2017-51
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7h1m-1f34-5qcs
7
url VCID-7w2h-6rxu-xqcd
vulnerability_id VCID-7w2h-6rxu-xqcd
summary Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33507
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52353
published_at 2026-06-11T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.52482
published_at 2026-06-12T12:55:00Z
2
value 0.00285
scoring_system epss
scoring_elements 0.52494
published_at 2026-06-13T12:55:00Z
3
value 0.00285
scoring_system epss
scoring_elements 0.52477
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33507
1
reference_url https://github.com/advisories/GHSA-35rg-466w-77h3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-35rg-466w-77h3
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33507
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33507
4
reference_url https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots
5
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hb8u-3ubs-x7hf
1
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33507, GHSA-35rg-466w-77h3, PYSEC-2021-79
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7w2h-6rxu-xqcd
8
url VCID-8kb4-bxbj-4udw
vulnerability_id VCID-8kb4-bxbj-4udw
summary SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7939.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7939.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7939
reference_id
reference_type
scores
0
value 0.00405
scoring_system epss
scoring_elements 0.61448
published_at 2026-06-11T12:55:00Z
1
value 0.00405
scoring_system epss
scoring_elements 0.61552
published_at 2026-06-12T12:55:00Z
2
value 0.00405
scoring_system epss
scoring_elements 0.61559
published_at 2026-06-13T12:55:00Z
3
value 0.00405
scoring_system epss
scoring_elements 0.61555
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7939
2
reference_url https://github.com/advisories/GHSA-hhmf-7rgg-gcw5
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhmf-7rgg-gcw5
3
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-88.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-88.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7939
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7939
6
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121
7
reference_url https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects
8
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/01/22/1
9
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/24/1
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1798204
reference_id 1798204
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1798204
fixed_packages
0
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-9qpy-74mb-cfc6
5
vulnerability VCID-br6e-6exv-ykg6
6
vulnerability VCID-d874-w13w-qkey
7
vulnerability VCID-hb8u-3ubs-x7hf
8
vulnerability VCID-hgwu-kg1s-ffcn
9
vulnerability VCID-mu4f-29hh-dbhp
10
vulnerability VCID-qmqy-eng1-3ka6
11
vulnerability VCID-t8kn-cm9s-yfgv
12
vulnerability VCID-utck-uem9-n7a6
13
vulnerability VCID-z48y-dbfw-ubea
14
vulnerability VCID-znrm-edqa-nfbe
15
vulnerability VCID-zny3-fyqj-h7bm
16
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7939, GHSA-hhmf-7rgg-gcw5, PYSEC-2020-88
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kb4-bxbj-4udw
9
url VCID-9qpy-74mb-cfc6
vulnerability_id VCID-9qpy-74mb-cfc6
summary Plone XSS in User Fullname Property and File Upload
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3313
reference_id
reference_type
scores
0
value 0.00444
scoring_system epss
scoring_elements 0.63916
published_at 2026-06-12T12:55:00Z
1
value 0.00444
scoring_system epss
scoring_elements 0.63814
published_at 2026-06-11T12:55:00Z
2
value 0.00444
scoring_system epss
scoring_elements 0.63928
published_at 2026-06-14T12:55:00Z
3
value 0.00444
scoring_system epss
scoring_elements 0.63929
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3313
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml
3
reference_url https://plone.org/download/releases/5.2.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/download/releases/5.2.3
4
reference_url https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
5
reference_url https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
6
reference_url https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt
7
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3313
reference_id CVE-2021-3313
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3313
9
reference_url https://github.com/advisories/GHSA-hprr-4vfq-fcxw
reference_id GHSA-hprr-4vfq-fcxw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hprr-4vfq-fcxw
fixed_packages
0
url pkg:pypi/plone@5.2.4
purl pkg:pypi/plone@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ym8-nhsc-j7hf
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7w2h-6rxu-xqcd
3
vulnerability VCID-br6e-6exv-ykg6
4
vulnerability VCID-hb8u-3ubs-x7hf
5
vulnerability VCID-hgwu-kg1s-ffcn
6
vulnerability VCID-mu4f-29hh-dbhp
7
vulnerability VCID-qmqy-eng1-3ka6
8
vulnerability VCID-z48y-dbfw-ubea
9
vulnerability VCID-znrm-edqa-nfbe
10
vulnerability VCID-zny3-fyqj-h7bm
11
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4
aliases CVE-2021-3313, GHSA-hprr-4vfq-fcxw, PYSEC-2021-78
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qpy-74mb-cfc6
10
url VCID-br6e-6exv-ykg6
vulnerability_id VCID-br6e-6exv-ykg6
summary Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33511
reference_id
reference_type
scores
0
value 0.00276
scoring_system epss
scoring_elements 0.5134
published_at 2026-06-11T12:55:00Z
1
value 0.00276
scoring_system epss
scoring_elements 0.51471
published_at 2026-06-14T12:55:00Z
2
value 0.00276
scoring_system epss
scoring_elements 0.51485
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33511
1
reference_url https://github.com/advisories/GHSA-gc9g-67cq-p7v4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gc9g-67cq-p7v4
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33511
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33511
5
reference_url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hb8u-3ubs-x7hf
1
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33511, GHSA-gc9g-67cq-p7v4, PYSEC-2021-83
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-br6e-6exv-ykg6
11
url VCID-d874-w13w-qkey
vulnerability_id VCID-d874-w13w-qkey
summary Plone XSS Vulnerability
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29002
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54553
published_at 2026-06-11T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54696
published_at 2026-06-13T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54679
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29002
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://github.com/plone/Products.CMFPlone/issues/3255
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/3255
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-889.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-889.yaml
4
reference_url https://www.exploit-db.com/exploits/49668
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/49668
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29002
reference_id CVE-2021-29002
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29002
6
reference_url https://github.com/advisories/GHSA-38g6-x6jv-jwff
reference_id GHSA-38g6-x6jv-jwff
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-38g6-x6jv-jwff
fixed_packages
0
url pkg:pypi/plone@5.2.4
purl pkg:pypi/plone@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ym8-nhsc-j7hf
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7w2h-6rxu-xqcd
3
vulnerability VCID-br6e-6exv-ykg6
4
vulnerability VCID-hb8u-3ubs-x7hf
5
vulnerability VCID-hgwu-kg1s-ffcn
6
vulnerability VCID-mu4f-29hh-dbhp
7
vulnerability VCID-qmqy-eng1-3ka6
8
vulnerability VCID-z48y-dbfw-ubea
9
vulnerability VCID-znrm-edqa-nfbe
10
vulnerability VCID-zny3-fyqj-h7bm
11
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4
aliases CVE-2021-29002, GHSA-38g6-x6jv-jwff, PYSEC-2021-889
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d874-w13w-qkey
12
url VCID-ezb4-3xtr-h3g6
vulnerability_id VCID-ezb4-3xtr-h3g6
summary Plone Sandbox Escape
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5524.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5524.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5524
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.40073
published_at 2026-06-11T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40254
published_at 2026-06-14T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40265
published_at 2026-06-13T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40241
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5524
2
reference_url https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f
3
reference_url https://github.com/plone/Products.CMFPlone/pull/1912
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/1912
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml
5
reference_url https://plone.org/security/hotfix/20170117/sandbox-escape
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20170117/sandbox-escape
6
reference_url http://www.openwall.com/lists/oss-security/2017/01/18/6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2017/01/18/6
7
reference_url http://www.securityfocus.com/bid/95679
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95679
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1436640
reference_id 1436640
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1436640
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5524
reference_id CVE-2017-5524
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5524
10
reference_url https://github.com/advisories/GHSA-p5wr-vp8g-q5p4
reference_id GHSA-p5wr-vp8g-q5p4
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p5wr-vp8g-q5p4
fixed_packages
0
url pkg:pypi/plone@4.3.12
purl pkg:pypi/plone@4.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7h1m-1f34-5qcs
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-hb8u-3ubs-x7hf
10
vulnerability VCID-hgwu-kg1s-ffcn
11
vulnerability VCID-kzvb-7yn4-qbb9
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-n722-gtzf-gqgd
14
vulnerability VCID-nzjx-cckn-dfbc
15
vulnerability VCID-qmqy-eng1-3ka6
16
vulnerability VCID-rmp2-rsv7-auds
17
vulnerability VCID-t8kn-cm9s-yfgv
18
vulnerability VCID-tkhq-78vd-aygx
19
vulnerability VCID-ub1u-ev6d-sugd
20
vulnerability VCID-utck-uem9-n7a6
21
vulnerability VCID-w7wr-p69p-13dw
22
vulnerability VCID-ys36-9r8f-63ab
23
vulnerability VCID-z48y-dbfw-ubea
24
vulnerability VCID-znrm-edqa-nfbe
25
vulnerability VCID-zny3-fyqj-h7bm
26
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12
1
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-6e71-df37-yyf1
5
vulnerability VCID-7w2h-6rxu-xqcd
6
vulnerability VCID-8kb4-bxbj-4udw
7
vulnerability VCID-9qpy-74mb-cfc6
8
vulnerability VCID-br6e-6exv-ykg6
9
vulnerability VCID-d874-w13w-qkey
10
vulnerability VCID-hb8u-3ubs-x7hf
11
vulnerability VCID-hgwu-kg1s-ffcn
12
vulnerability VCID-kzvb-7yn4-qbb9
13
vulnerability VCID-m1gb-mydp-bbez
14
vulnerability VCID-mu4f-29hh-dbhp
15
vulnerability VCID-n722-gtzf-gqgd
16
vulnerability VCID-nzjx-cckn-dfbc
17
vulnerability VCID-qmqy-eng1-3ka6
18
vulnerability VCID-rmp2-rsv7-auds
19
vulnerability VCID-t8kn-cm9s-yfgv
20
vulnerability VCID-tkhq-78vd-aygx
21
vulnerability VCID-ub1u-ev6d-sugd
22
vulnerability VCID-utck-uem9-n7a6
23
vulnerability VCID-w7wr-p69p-13dw
24
vulnerability VCID-ys36-9r8f-63ab
25
vulnerability VCID-z48y-dbfw-ubea
26
vulnerability VCID-znrm-edqa-nfbe
27
vulnerability VCID-zny3-fyqj-h7bm
28
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
2
url pkg:pypi/plone@5.1b1
purl pkg:pypi/plone@5.1b1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-hb8u-3ubs-x7hf
10
vulnerability VCID-hgwu-kg1s-ffcn
11
vulnerability VCID-kzvb-7yn4-qbb9
12
vulnerability VCID-m1gb-mydp-bbez
13
vulnerability VCID-mu4f-29hh-dbhp
14
vulnerability VCID-n722-gtzf-gqgd
15
vulnerability VCID-qmqy-eng1-3ka6
16
vulnerability VCID-t8kn-cm9s-yfgv
17
vulnerability VCID-tkhq-78vd-aygx
18
vulnerability VCID-ub1u-ev6d-sugd
19
vulnerability VCID-utck-uem9-n7a6
20
vulnerability VCID-w7wr-p69p-13dw
21
vulnerability VCID-ys36-9r8f-63ab
22
vulnerability VCID-z48y-dbfw-ubea
23
vulnerability VCID-znrm-edqa-nfbe
24
vulnerability VCID-zny3-fyqj-h7bm
25
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1b1
aliases CVE-2017-5524, GHSA-p5wr-vp8g-q5p4, PYSEC-2017-81
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ezb4-3xtr-h3g6
13
url VCID-hb8u-3ubs-x7hf
vulnerability_id VCID-hb8u-3ubs-x7hf
summary Cross-Frame Scripting vulnerability has been found on Plone CMS
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-0669
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16087
published_at 2026-06-12T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15946
published_at 2026-06-11T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.16064
published_at 2026-06-14T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.16098
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-0669
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-0669
reference_id CVE-2024-0669
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-0669
4
reference_url https://github.com/advisories/GHSA-5xfx-55x4-j223
reference_id GHSA-5xfx-55x4-j223
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5xfx-55x4-j223
fixed_packages
0
url pkg:pypi/plone@6.0.6
purl pkg:pypi/plone@6.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.6
1
url pkg:pypi/plone@6.0.7
purl pkg:pypi/plone@6.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.7
aliases CVE-2024-0669, GHSA-5xfx-55x4-j223
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hb8u-3ubs-x7hf
14
url VCID-hgwu-kg1s-ffcn
vulnerability_id VCID-hgwu-kg1s-ffcn
summary Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33512
reference_id
reference_type
scores
0
value 0.00302
scoring_system epss
scoring_elements 0.53951
published_at 2026-06-11T12:55:00Z
1
value 0.00302
scoring_system epss
scoring_elements 0.54077
published_at 2026-06-12T12:55:00Z
2
value 0.00302
scoring_system epss
scoring_elements 0.54095
published_at 2026-06-13T12:55:00Z
3
value 0.00302
scoring_system epss
scoring_elements 0.54081
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33512
1
reference_url https://github.com/advisories/GHSA-hm2h-f456-6j88
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hm2h-f456-6j88
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33512
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33512
4
reference_url https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
5
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hb8u-3ubs-x7hf
1
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33512, GHSA-hm2h-f456-6j88, PYSEC-2021-84
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgwu-kg1s-ffcn
15
url VCID-jp3d-8ja2-c3a6
vulnerability_id VCID-jp3d-8ja2-c3a6
summary Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
references
0
reference_url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7138.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7138.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7138
reference_id
reference_type
scores
0
value 0.00491
scoring_system epss
scoring_elements 0.66058
published_at 2026-06-11T12:55:00Z
1
value 0.00491
scoring_system epss
scoring_elements 0.66164
published_at 2026-06-14T12:55:00Z
2
value 0.00491
scoring_system epss
scoring_elements 0.66167
published_at 2026-06-13T12:55:00Z
3
value 0.00491
scoring_system epss
scoring_elements 0.66153
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7138
3
reference_url http://seclists.org/fulldisclosure/2016/Oct/80
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2016/Oct/80
4
reference_url https://github.com/advisories/GHSA-v3hp-f8qr-cf3p
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v3hp-f8qr-cf3p
5
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-61.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-61.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7138
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7138
8
reference_url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1
9
reference_url https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
10
reference_url https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
11
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/4
12
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/5
13
reference_url http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/539572/100/0/threaded
14
reference_url http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/92752
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1373442
reference_id 1373442
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1373442
fixed_packages
0
url pkg:pypi/plone@4.3.12
purl pkg:pypi/plone@4.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7h1m-1f34-5qcs
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-hb8u-3ubs-x7hf
10
vulnerability VCID-hgwu-kg1s-ffcn
11
vulnerability VCID-kzvb-7yn4-qbb9
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-n722-gtzf-gqgd
14
vulnerability VCID-nzjx-cckn-dfbc
15
vulnerability VCID-qmqy-eng1-3ka6
16
vulnerability VCID-rmp2-rsv7-auds
17
vulnerability VCID-t8kn-cm9s-yfgv
18
vulnerability VCID-tkhq-78vd-aygx
19
vulnerability VCID-ub1u-ev6d-sugd
20
vulnerability VCID-utck-uem9-n7a6
21
vulnerability VCID-w7wr-p69p-13dw
22
vulnerability VCID-ys36-9r8f-63ab
23
vulnerability VCID-z48y-dbfw-ubea
24
vulnerability VCID-znrm-edqa-nfbe
25
vulnerability VCID-zny3-fyqj-h7bm
26
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12
1
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-6e71-df37-yyf1
5
vulnerability VCID-7w2h-6rxu-xqcd
6
vulnerability VCID-8kb4-bxbj-4udw
7
vulnerability VCID-9qpy-74mb-cfc6
8
vulnerability VCID-br6e-6exv-ykg6
9
vulnerability VCID-d874-w13w-qkey
10
vulnerability VCID-hb8u-3ubs-x7hf
11
vulnerability VCID-hgwu-kg1s-ffcn
12
vulnerability VCID-kzvb-7yn4-qbb9
13
vulnerability VCID-m1gb-mydp-bbez
14
vulnerability VCID-mu4f-29hh-dbhp
15
vulnerability VCID-n722-gtzf-gqgd
16
vulnerability VCID-nzjx-cckn-dfbc
17
vulnerability VCID-qmqy-eng1-3ka6
18
vulnerability VCID-rmp2-rsv7-auds
19
vulnerability VCID-t8kn-cm9s-yfgv
20
vulnerability VCID-tkhq-78vd-aygx
21
vulnerability VCID-ub1u-ev6d-sugd
22
vulnerability VCID-utck-uem9-n7a6
23
vulnerability VCID-w7wr-p69p-13dw
24
vulnerability VCID-ys36-9r8f-63ab
25
vulnerability VCID-z48y-dbfw-ubea
26
vulnerability VCID-znrm-edqa-nfbe
27
vulnerability VCID-zny3-fyqj-h7bm
28
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
aliases CVE-2016-7138, GHSA-v3hp-f8qr-cf3p, PYSEC-2017-61
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jp3d-8ja2-c3a6
16
url VCID-kzvb-7yn4-qbb9
vulnerability_id VCID-kzvb-7yn4-qbb9
summary Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7940.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7940.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7940
reference_id
reference_type
scores
0
value 0.0034
scoring_system epss
scoring_elements 0.57112
published_at 2026-06-11T12:55:00Z
1
value 0.0034
scoring_system epss
scoring_elements 0.5723
published_at 2026-06-12T12:55:00Z
2
value 0.0034
scoring_system epss
scoring_elements 0.57245
published_at 2026-06-13T12:55:00Z
3
value 0.0034
scoring_system epss
scoring_elements 0.57238
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7940
2
reference_url https://github.com/advisories/GHSA-cw58-gpgw-hwx2
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cw58-gpgw-hwx2
3
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7940
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7940
6
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121
7
reference_url https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
8
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/01/22/1
9
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/24/1
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1798203
reference_id 1798203
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1798203
fixed_packages
0
url pkg:pypi/plone@4.3.20
purl pkg:pypi/plone@4.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7h1m-1f34-5qcs
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-mu4f-29hh-dbhp
12
vulnerability VCID-n722-gtzf-gqgd
13
vulnerability VCID-nzjx-cckn-dfbc
14
vulnerability VCID-qmqy-eng1-3ka6
15
vulnerability VCID-rmp2-rsv7-auds
16
vulnerability VCID-t8kn-cm9s-yfgv
17
vulnerability VCID-tkhq-78vd-aygx
18
vulnerability VCID-ub1u-ev6d-sugd
19
vulnerability VCID-utck-uem9-n7a6
20
vulnerability VCID-z48y-dbfw-ubea
21
vulnerability VCID-znrm-edqa-nfbe
22
vulnerability VCID-zny3-fyqj-h7bm
23
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.20
1
url pkg:pypi/plone@5.1.7
purl pkg:pypi/plone@5.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-m1gb-mydp-bbez
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-qmqy-eng1-3ka6
14
vulnerability VCID-t8kn-cm9s-yfgv
15
vulnerability VCID-tkhq-78vd-aygx
16
vulnerability VCID-ub1u-ev6d-sugd
17
vulnerability VCID-utck-uem9-n7a6
18
vulnerability VCID-z48y-dbfw-ubea
19
vulnerability VCID-znrm-edqa-nfbe
20
vulnerability VCID-zny3-fyqj-h7bm
21
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7
2
url pkg:pypi/plone@5.2.1
purl pkg:pypi/plone@5.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q73-sfre-3ffg
1
vulnerability VCID-213v-yc9d-u7dx
2
vulnerability VCID-2ym8-nhsc-j7hf
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-hb8u-3ubs-x7hf
10
vulnerability VCID-hgwu-kg1s-ffcn
11
vulnerability VCID-kzvb-7yn4-qbb9
12
vulnerability VCID-m1gb-mydp-bbez
13
vulnerability VCID-mu4f-29hh-dbhp
14
vulnerability VCID-qmqy-eng1-3ka6
15
vulnerability VCID-t8kn-cm9s-yfgv
16
vulnerability VCID-tkhq-78vd-aygx
17
vulnerability VCID-ub1u-ev6d-sugd
18
vulnerability VCID-utck-uem9-n7a6
19
vulnerability VCID-z48y-dbfw-ubea
20
vulnerability VCID-znrm-edqa-nfbe
21
vulnerability VCID-zny3-fyqj-h7bm
22
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.1
3
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-9qpy-74mb-cfc6
5
vulnerability VCID-br6e-6exv-ykg6
6
vulnerability VCID-d874-w13w-qkey
7
vulnerability VCID-hb8u-3ubs-x7hf
8
vulnerability VCID-hgwu-kg1s-ffcn
9
vulnerability VCID-mu4f-29hh-dbhp
10
vulnerability VCID-qmqy-eng1-3ka6
11
vulnerability VCID-t8kn-cm9s-yfgv
12
vulnerability VCID-utck-uem9-n7a6
13
vulnerability VCID-z48y-dbfw-ubea
14
vulnerability VCID-znrm-edqa-nfbe
15
vulnerability VCID-zny3-fyqj-h7bm
16
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7940, GHSA-cw58-gpgw-hwx2, PYSEC-2020-89
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzvb-7yn4-qbb9
17
url VCID-mu4f-29hh-dbhp
vulnerability_id VCID-mu4f-29hh-dbhp
summary Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33509
reference_id
reference_type
scores
0
value 0.00846
scoring_system epss
scoring_elements 0.75265
published_at 2026-06-11T12:55:00Z
1
value 0.00846
scoring_system epss
scoring_elements 0.75335
published_at 2026-06-12T12:55:00Z
2
value 0.00846
scoring_system epss
scoring_elements 0.75349
published_at 2026-06-13T12:55:00Z
3
value 0.00846
scoring_system epss
scoring_elements 0.75345
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33509
1
reference_url https://github.com/advisories/GHSA-hm2p-fhwx-9285
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hm2p-fhwx-9285
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33509
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33509
5
reference_url https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hb8u-3ubs-x7hf
1
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33509, GHSA-hm2p-fhwx-9285, PYSEC-2021-81
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mu4f-29hh-dbhp
18
url VCID-n722-gtzf-gqgd
vulnerability_id VCID-n722-gtzf-gqgd
summary Plone Open Redirect
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000484.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000484.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000484
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41545
published_at 2026-06-11T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.41719
published_at 2026-06-14T12:55:00Z
2
value 0.00197
scoring_system epss
scoring_elements 0.41729
published_at 2026-06-13T12:55:00Z
3
value 0.00197
scoring_system epss
scoring_elements 0.41711
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000484
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/2232
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml
5
reference_url https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1532487
reference_id 1532487
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1532487
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000484
reference_id CVE-2017-1000484
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000484
8
reference_url https://github.com/advisories/GHSA-xvwv-6wvx-px9x
reference_id GHSA-xvwv-6wvx-px9x
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xvwv-6wvx-px9x
fixed_packages
0
url pkg:pypi/plone@4.3.16
purl pkg:pypi/plone@4.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7h1m-1f34-5qcs
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-mu4f-29hh-dbhp
12
vulnerability VCID-n722-gtzf-gqgd
13
vulnerability VCID-nzjx-cckn-dfbc
14
vulnerability VCID-qmqy-eng1-3ka6
15
vulnerability VCID-rmp2-rsv7-auds
16
vulnerability VCID-t8kn-cm9s-yfgv
17
vulnerability VCID-tkhq-78vd-aygx
18
vulnerability VCID-ub1u-ev6d-sugd
19
vulnerability VCID-utck-uem9-n7a6
20
vulnerability VCID-z48y-dbfw-ubea
21
vulnerability VCID-znrm-edqa-nfbe
22
vulnerability VCID-zny3-fyqj-h7bm
23
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16
1
url pkg:pypi/plone@5.1.0
purl pkg:pypi/plone@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-m1gb-mydp-bbez
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-qmqy-eng1-3ka6
14
vulnerability VCID-t8kn-cm9s-yfgv
15
vulnerability VCID-tkhq-78vd-aygx
16
vulnerability VCID-ub1u-ev6d-sugd
17
vulnerability VCID-utck-uem9-n7a6
18
vulnerability VCID-z48y-dbfw-ubea
19
vulnerability VCID-znrm-edqa-nfbe
20
vulnerability VCID-zny3-fyqj-h7bm
21
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0
aliases CVE-2017-1000484, GHSA-xvwv-6wvx-px9x, PYSEC-2018-73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n722-gtzf-gqgd
19
url VCID-nkez-59zg-8fan
vulnerability_id VCID-nkez-59zg-8fan
summary Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
references
0
reference_url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7139.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7139.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7139
reference_id
reference_type
scores
0
value 0.00491
scoring_system epss
scoring_elements 0.66164
published_at 2026-06-14T12:55:00Z
1
value 0.00491
scoring_system epss
scoring_elements 0.66058
published_at 2026-06-11T12:55:00Z
2
value 0.00491
scoring_system epss
scoring_elements 0.66167
published_at 2026-06-13T12:55:00Z
3
value 0.00491
scoring_system epss
scoring_elements 0.66153
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7139
3
reference_url http://seclists.org/fulldisclosure/2016/Oct/80
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2016/Oct/80
4
reference_url https://github.com/advisories/GHSA-pp4c-2692-7f37
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pp4c-2692-7f37
5
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-62.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-62.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7139
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7139
8
reference_url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone
9
reference_url https://web.archive.org/web/20201207134910/http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207134910/http://www.securityfocus.com/bid/92752
10
reference_url https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded
11
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/4
12
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/5
13
reference_url http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/539572/100/0/threaded
14
reference_url http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/92752
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1373464
reference_id 1373464
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1373464
fixed_packages
0
url pkg:pypi/plone@4.3.12
purl pkg:pypi/plone@4.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7h1m-1f34-5qcs
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-hb8u-3ubs-x7hf
10
vulnerability VCID-hgwu-kg1s-ffcn
11
vulnerability VCID-kzvb-7yn4-qbb9
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-n722-gtzf-gqgd
14
vulnerability VCID-nzjx-cckn-dfbc
15
vulnerability VCID-qmqy-eng1-3ka6
16
vulnerability VCID-rmp2-rsv7-auds
17
vulnerability VCID-t8kn-cm9s-yfgv
18
vulnerability VCID-tkhq-78vd-aygx
19
vulnerability VCID-ub1u-ev6d-sugd
20
vulnerability VCID-utck-uem9-n7a6
21
vulnerability VCID-w7wr-p69p-13dw
22
vulnerability VCID-ys36-9r8f-63ab
23
vulnerability VCID-z48y-dbfw-ubea
24
vulnerability VCID-znrm-edqa-nfbe
25
vulnerability VCID-zny3-fyqj-h7bm
26
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12
1
url pkg:pypi/plone@5.0.6
purl pkg:pypi/plone@5.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-177r-1ryk-pfbp
1
vulnerability VCID-1rvm-wt1t-kucb
2
vulnerability VCID-213v-yc9d-u7dx
3
vulnerability VCID-2ym8-nhsc-j7hf
4
vulnerability VCID-37gz-3kz2-pyh5
5
vulnerability VCID-4yk1-dgbv-rubx
6
vulnerability VCID-5qmx-515u-dbdq
7
vulnerability VCID-6e71-df37-yyf1
8
vulnerability VCID-7w2h-6rxu-xqcd
9
vulnerability VCID-8kb4-bxbj-4udw
10
vulnerability VCID-9qpy-74mb-cfc6
11
vulnerability VCID-br6e-6exv-ykg6
12
vulnerability VCID-d874-w13w-qkey
13
vulnerability VCID-ezb4-3xtr-h3g6
14
vulnerability VCID-hb8u-3ubs-x7hf
15
vulnerability VCID-hgwu-kg1s-ffcn
16
vulnerability VCID-jp3d-8ja2-c3a6
17
vulnerability VCID-kzvb-7yn4-qbb9
18
vulnerability VCID-m1gb-mydp-bbez
19
vulnerability VCID-mu4f-29hh-dbhp
20
vulnerability VCID-n722-gtzf-gqgd
21
vulnerability VCID-nkez-59zg-8fan
22
vulnerability VCID-nr4g-tdxq-byhh
23
vulnerability VCID-nzjx-cckn-dfbc
24
vulnerability VCID-qmqy-eng1-3ka6
25
vulnerability VCID-rmp2-rsv7-auds
26
vulnerability VCID-t8kn-cm9s-yfgv
27
vulnerability VCID-tkhq-78vd-aygx
28
vulnerability VCID-ub1u-ev6d-sugd
29
vulnerability VCID-utck-uem9-n7a6
30
vulnerability VCID-w7wr-p69p-13dw
31
vulnerability VCID-xzvt-13fh-tubp
32
vulnerability VCID-ys36-9r8f-63ab
33
vulnerability VCID-z48y-dbfw-ubea
34
vulnerability VCID-znrm-edqa-nfbe
35
vulnerability VCID-zny3-fyqj-h7bm
36
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.6
2
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-6e71-df37-yyf1
5
vulnerability VCID-7w2h-6rxu-xqcd
6
vulnerability VCID-8kb4-bxbj-4udw
7
vulnerability VCID-9qpy-74mb-cfc6
8
vulnerability VCID-br6e-6exv-ykg6
9
vulnerability VCID-d874-w13w-qkey
10
vulnerability VCID-hb8u-3ubs-x7hf
11
vulnerability VCID-hgwu-kg1s-ffcn
12
vulnerability VCID-kzvb-7yn4-qbb9
13
vulnerability VCID-m1gb-mydp-bbez
14
vulnerability VCID-mu4f-29hh-dbhp
15
vulnerability VCID-n722-gtzf-gqgd
16
vulnerability VCID-nzjx-cckn-dfbc
17
vulnerability VCID-qmqy-eng1-3ka6
18
vulnerability VCID-rmp2-rsv7-auds
19
vulnerability VCID-t8kn-cm9s-yfgv
20
vulnerability VCID-tkhq-78vd-aygx
21
vulnerability VCID-ub1u-ev6d-sugd
22
vulnerability VCID-utck-uem9-n7a6
23
vulnerability VCID-w7wr-p69p-13dw
24
vulnerability VCID-ys36-9r8f-63ab
25
vulnerability VCID-z48y-dbfw-ubea
26
vulnerability VCID-znrm-edqa-nfbe
27
vulnerability VCID-zny3-fyqj-h7bm
28
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
aliases CVE-2016-7139, GHSA-pp4c-2692-7f37, PYSEC-2017-62
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nkez-59zg-8fan
20
url VCID-nr4g-tdxq-byhh
vulnerability_id VCID-nr4g-tdxq-byhh
summary z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
references
0
reference_url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7136.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7136.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7136
reference_id
reference_type
scores
0
value 0.00498
scoring_system epss
scoring_elements 0.66331
published_at 2026-06-11T12:55:00Z
1
value 0.00498
scoring_system epss
scoring_elements 0.66425
published_at 2026-06-12T12:55:00Z
2
value 0.00498
scoring_system epss
scoring_elements 0.66439
published_at 2026-06-13T12:55:00Z
3
value 0.00498
scoring_system epss
scoring_elements 0.66436
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7136
3
reference_url http://seclists.org/fulldisclosure/2016/Oct/80
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2016/Oct/80
4
reference_url https://github.com/advisories/GHSA-22jm-p2vv-j2hc
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22jm-p2vv-j2hc
5
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-59.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-59.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7136
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7136
8
reference_url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms
9
reference_url https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210625091607/http://www.securityfocus.com/bid/92752
10
reference_url https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210625092107/http://www.securityfocus.com/archive/1/539572/100/0/threaded
11
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/4
12
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/5
13
reference_url http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/539572/100/0/threaded
14
reference_url http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92752
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1373437
reference_id 1373437
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1373437
fixed_packages
0
url pkg:pypi/plone@4.3.12
purl pkg:pypi/plone@4.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7h1m-1f34-5qcs
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-hb8u-3ubs-x7hf
10
vulnerability VCID-hgwu-kg1s-ffcn
11
vulnerability VCID-kzvb-7yn4-qbb9
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-n722-gtzf-gqgd
14
vulnerability VCID-nzjx-cckn-dfbc
15
vulnerability VCID-qmqy-eng1-3ka6
16
vulnerability VCID-rmp2-rsv7-auds
17
vulnerability VCID-t8kn-cm9s-yfgv
18
vulnerability VCID-tkhq-78vd-aygx
19
vulnerability VCID-ub1u-ev6d-sugd
20
vulnerability VCID-utck-uem9-n7a6
21
vulnerability VCID-w7wr-p69p-13dw
22
vulnerability VCID-ys36-9r8f-63ab
23
vulnerability VCID-z48y-dbfw-ubea
24
vulnerability VCID-znrm-edqa-nfbe
25
vulnerability VCID-zny3-fyqj-h7bm
26
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12
1
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-6e71-df37-yyf1
5
vulnerability VCID-7w2h-6rxu-xqcd
6
vulnerability VCID-8kb4-bxbj-4udw
7
vulnerability VCID-9qpy-74mb-cfc6
8
vulnerability VCID-br6e-6exv-ykg6
9
vulnerability VCID-d874-w13w-qkey
10
vulnerability VCID-hb8u-3ubs-x7hf
11
vulnerability VCID-hgwu-kg1s-ffcn
12
vulnerability VCID-kzvb-7yn4-qbb9
13
vulnerability VCID-m1gb-mydp-bbez
14
vulnerability VCID-mu4f-29hh-dbhp
15
vulnerability VCID-n722-gtzf-gqgd
16
vulnerability VCID-nzjx-cckn-dfbc
17
vulnerability VCID-qmqy-eng1-3ka6
18
vulnerability VCID-rmp2-rsv7-auds
19
vulnerability VCID-t8kn-cm9s-yfgv
20
vulnerability VCID-tkhq-78vd-aygx
21
vulnerability VCID-ub1u-ev6d-sugd
22
vulnerability VCID-utck-uem9-n7a6
23
vulnerability VCID-w7wr-p69p-13dw
24
vulnerability VCID-ys36-9r8f-63ab
25
vulnerability VCID-z48y-dbfw-ubea
26
vulnerability VCID-znrm-edqa-nfbe
27
vulnerability VCID-zny3-fyqj-h7bm
28
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
aliases CVE-2016-7136, GHSA-22jm-p2vv-j2hc, PYSEC-2017-59
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nr4g-tdxq-byhh
21
url VCID-nzjx-cckn-dfbc
vulnerability_id VCID-nzjx-cckn-dfbc
summary Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain WebDAV access via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4041
reference_id
reference_type
scores
0
value 0.00429
scoring_system epss
scoring_elements 0.62909
published_at 2026-06-11T12:55:00Z
1
value 0.00429
scoring_system epss
scoring_elements 0.63011
published_at 2026-06-12T12:55:00Z
2
value 0.00429
scoring_system epss
scoring_elements 0.63023
published_at 2026-06-13T12:55:00Z
3
value 0.00429
scoring_system epss
scoring_elements 0.63019
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4041
1
reference_url https://github.com/advisories/GHSA-qqgj-22gr-73vx
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qqgj-22gr-73vx
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4041
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4041
5
reference_url https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav
6
reference_url http://www.openwall.com/lists/oss-security/2016/04/20/1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/04/20/1
fixed_packages
0
url pkg:pypi/plone@4.3.10
purl pkg:pypi/plone@4.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-177r-1ryk-pfbp
1
vulnerability VCID-1rvm-wt1t-kucb
2
vulnerability VCID-213v-yc9d-u7dx
3
vulnerability VCID-37gz-3kz2-pyh5
4
vulnerability VCID-4yk1-dgbv-rubx
5
vulnerability VCID-5qmx-515u-dbdq
6
vulnerability VCID-7h1m-1f34-5qcs
7
vulnerability VCID-7w2h-6rxu-xqcd
8
vulnerability VCID-8kb4-bxbj-4udw
9
vulnerability VCID-9qpy-74mb-cfc6
10
vulnerability VCID-br6e-6exv-ykg6
11
vulnerability VCID-d874-w13w-qkey
12
vulnerability VCID-ezb4-3xtr-h3g6
13
vulnerability VCID-hb8u-3ubs-x7hf
14
vulnerability VCID-hgwu-kg1s-ffcn
15
vulnerability VCID-jp3d-8ja2-c3a6
16
vulnerability VCID-kzvb-7yn4-qbb9
17
vulnerability VCID-mu4f-29hh-dbhp
18
vulnerability VCID-n722-gtzf-gqgd
19
vulnerability VCID-nkez-59zg-8fan
20
vulnerability VCID-nr4g-tdxq-byhh
21
vulnerability VCID-nzjx-cckn-dfbc
22
vulnerability VCID-qmqy-eng1-3ka6
23
vulnerability VCID-rmp2-rsv7-auds
24
vulnerability VCID-t8kn-cm9s-yfgv
25
vulnerability VCID-tkhq-78vd-aygx
26
vulnerability VCID-ub1u-ev6d-sugd
27
vulnerability VCID-utck-uem9-n7a6
28
vulnerability VCID-w7wr-p69p-13dw
29
vulnerability VCID-xzvt-13fh-tubp
30
vulnerability VCID-ys36-9r8f-63ab
31
vulnerability VCID-z48y-dbfw-ubea
32
vulnerability VCID-znrm-edqa-nfbe
33
vulnerability VCID-zny3-fyqj-h7bm
34
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.10
1
url pkg:pypi/plone@5.0.5
purl pkg:pypi/plone@5.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-177r-1ryk-pfbp
1
vulnerability VCID-1rvm-wt1t-kucb
2
vulnerability VCID-213v-yc9d-u7dx
3
vulnerability VCID-2ym8-nhsc-j7hf
4
vulnerability VCID-37gz-3kz2-pyh5
5
vulnerability VCID-4yk1-dgbv-rubx
6
vulnerability VCID-5qmx-515u-dbdq
7
vulnerability VCID-6e71-df37-yyf1
8
vulnerability VCID-7w2h-6rxu-xqcd
9
vulnerability VCID-8kb4-bxbj-4udw
10
vulnerability VCID-9qpy-74mb-cfc6
11
vulnerability VCID-br6e-6exv-ykg6
12
vulnerability VCID-d874-w13w-qkey
13
vulnerability VCID-ezb4-3xtr-h3g6
14
vulnerability VCID-hb8u-3ubs-x7hf
15
vulnerability VCID-hgwu-kg1s-ffcn
16
vulnerability VCID-jp3d-8ja2-c3a6
17
vulnerability VCID-kzvb-7yn4-qbb9
18
vulnerability VCID-m1gb-mydp-bbez
19
vulnerability VCID-mu4f-29hh-dbhp
20
vulnerability VCID-n722-gtzf-gqgd
21
vulnerability VCID-nkez-59zg-8fan
22
vulnerability VCID-nr4g-tdxq-byhh
23
vulnerability VCID-nzjx-cckn-dfbc
24
vulnerability VCID-qmqy-eng1-3ka6
25
vulnerability VCID-rmp2-rsv7-auds
26
vulnerability VCID-t8kn-cm9s-yfgv
27
vulnerability VCID-tkhq-78vd-aygx
28
vulnerability VCID-ub1u-ev6d-sugd
29
vulnerability VCID-utck-uem9-n7a6
30
vulnerability VCID-w7wr-p69p-13dw
31
vulnerability VCID-xzvt-13fh-tubp
32
vulnerability VCID-ys36-9r8f-63ab
33
vulnerability VCID-z48y-dbfw-ubea
34
vulnerability VCID-znrm-edqa-nfbe
35
vulnerability VCID-zny3-fyqj-h7bm
36
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5
2
url pkg:pypi/plone@5.1a2
purl pkg:pypi/plone@5.1a2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-ezb4-3xtr-h3g6
10
vulnerability VCID-hb8u-3ubs-x7hf
11
vulnerability VCID-hgwu-kg1s-ffcn
12
vulnerability VCID-kzvb-7yn4-qbb9
13
vulnerability VCID-m1gb-mydp-bbez
14
vulnerability VCID-mu4f-29hh-dbhp
15
vulnerability VCID-n722-gtzf-gqgd
16
vulnerability VCID-qmqy-eng1-3ka6
17
vulnerability VCID-t8kn-cm9s-yfgv
18
vulnerability VCID-tkhq-78vd-aygx
19
vulnerability VCID-ub1u-ev6d-sugd
20
vulnerability VCID-utck-uem9-n7a6
21
vulnerability VCID-w7wr-p69p-13dw
22
vulnerability VCID-ys36-9r8f-63ab
23
vulnerability VCID-z48y-dbfw-ubea
24
vulnerability VCID-znrm-edqa-nfbe
25
vulnerability VCID-zny3-fyqj-h7bm
26
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2
aliases CVE-2016-4041, GHSA-qqgj-22gr-73vx, PYSEC-2017-55
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzjx-cckn-dfbc
22
url VCID-qmqy-eng1-3ka6
vulnerability_id VCID-qmqy-eng1-3ka6
summary Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33510
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30522
published_at 2026-06-11T12:55:00Z
1
value 0.0012
scoring_system epss
scoring_elements 0.30718
published_at 2026-06-12T12:55:00Z
2
value 0.0012
scoring_system epss
scoring_elements 0.30737
published_at 2026-06-13T12:55:00Z
3
value 0.0012
scoring_system epss
scoring_elements 0.30722
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33510
1
reference_url https://github.com/advisories/GHSA-4mg4-wvmx-5332
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4mg4-wvmx-5332
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33510
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33510
5
reference_url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hb8u-3ubs-x7hf
1
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33510, GHSA-4mg4-wvmx-5332, PYSEC-2021-82
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmqy-eng1-3ka6
23
url VCID-rmp2-rsv7-auds
vulnerability_id VCID-rmp2-rsv7-auds
summary Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4042
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.46003
published_at 2026-06-11T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.46148
published_at 2026-06-12T12:55:00Z
2
value 0.0023
scoring_system epss
scoring_elements 0.46155
published_at 2026-06-13T12:55:00Z
3
value 0.0023
scoring_system epss
scoring_elements 0.46141
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4042
1
reference_url https://github.com/advisories/GHSA-v4vj-49m5-wjhw
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v4vj-49m5-wjhw
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4042
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4042
5
reference_url https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content
6
reference_url http://www.openwall.com/lists/oss-security/2016/04/20/2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/04/20/2
fixed_packages
0
url pkg:pypi/plone@4.3.10
purl pkg:pypi/plone@4.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-177r-1ryk-pfbp
1
vulnerability VCID-1rvm-wt1t-kucb
2
vulnerability VCID-213v-yc9d-u7dx
3
vulnerability VCID-37gz-3kz2-pyh5
4
vulnerability VCID-4yk1-dgbv-rubx
5
vulnerability VCID-5qmx-515u-dbdq
6
vulnerability VCID-7h1m-1f34-5qcs
7
vulnerability VCID-7w2h-6rxu-xqcd
8
vulnerability VCID-8kb4-bxbj-4udw
9
vulnerability VCID-9qpy-74mb-cfc6
10
vulnerability VCID-br6e-6exv-ykg6
11
vulnerability VCID-d874-w13w-qkey
12
vulnerability VCID-ezb4-3xtr-h3g6
13
vulnerability VCID-hb8u-3ubs-x7hf
14
vulnerability VCID-hgwu-kg1s-ffcn
15
vulnerability VCID-jp3d-8ja2-c3a6
16
vulnerability VCID-kzvb-7yn4-qbb9
17
vulnerability VCID-mu4f-29hh-dbhp
18
vulnerability VCID-n722-gtzf-gqgd
19
vulnerability VCID-nkez-59zg-8fan
20
vulnerability VCID-nr4g-tdxq-byhh
21
vulnerability VCID-nzjx-cckn-dfbc
22
vulnerability VCID-qmqy-eng1-3ka6
23
vulnerability VCID-rmp2-rsv7-auds
24
vulnerability VCID-t8kn-cm9s-yfgv
25
vulnerability VCID-tkhq-78vd-aygx
26
vulnerability VCID-ub1u-ev6d-sugd
27
vulnerability VCID-utck-uem9-n7a6
28
vulnerability VCID-w7wr-p69p-13dw
29
vulnerability VCID-xzvt-13fh-tubp
30
vulnerability VCID-ys36-9r8f-63ab
31
vulnerability VCID-z48y-dbfw-ubea
32
vulnerability VCID-znrm-edqa-nfbe
33
vulnerability VCID-zny3-fyqj-h7bm
34
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.10
1
url pkg:pypi/plone@5.0.5
purl pkg:pypi/plone@5.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-177r-1ryk-pfbp
1
vulnerability VCID-1rvm-wt1t-kucb
2
vulnerability VCID-213v-yc9d-u7dx
3
vulnerability VCID-2ym8-nhsc-j7hf
4
vulnerability VCID-37gz-3kz2-pyh5
5
vulnerability VCID-4yk1-dgbv-rubx
6
vulnerability VCID-5qmx-515u-dbdq
7
vulnerability VCID-6e71-df37-yyf1
8
vulnerability VCID-7w2h-6rxu-xqcd
9
vulnerability VCID-8kb4-bxbj-4udw
10
vulnerability VCID-9qpy-74mb-cfc6
11
vulnerability VCID-br6e-6exv-ykg6
12
vulnerability VCID-d874-w13w-qkey
13
vulnerability VCID-ezb4-3xtr-h3g6
14
vulnerability VCID-hb8u-3ubs-x7hf
15
vulnerability VCID-hgwu-kg1s-ffcn
16
vulnerability VCID-jp3d-8ja2-c3a6
17
vulnerability VCID-kzvb-7yn4-qbb9
18
vulnerability VCID-m1gb-mydp-bbez
19
vulnerability VCID-mu4f-29hh-dbhp
20
vulnerability VCID-n722-gtzf-gqgd
21
vulnerability VCID-nkez-59zg-8fan
22
vulnerability VCID-nr4g-tdxq-byhh
23
vulnerability VCID-nzjx-cckn-dfbc
24
vulnerability VCID-qmqy-eng1-3ka6
25
vulnerability VCID-rmp2-rsv7-auds
26
vulnerability VCID-t8kn-cm9s-yfgv
27
vulnerability VCID-tkhq-78vd-aygx
28
vulnerability VCID-ub1u-ev6d-sugd
29
vulnerability VCID-utck-uem9-n7a6
30
vulnerability VCID-w7wr-p69p-13dw
31
vulnerability VCID-xzvt-13fh-tubp
32
vulnerability VCID-ys36-9r8f-63ab
33
vulnerability VCID-z48y-dbfw-ubea
34
vulnerability VCID-znrm-edqa-nfbe
35
vulnerability VCID-zny3-fyqj-h7bm
36
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5
2
url pkg:pypi/plone@5.1a2
purl pkg:pypi/plone@5.1a2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-ezb4-3xtr-h3g6
10
vulnerability VCID-hb8u-3ubs-x7hf
11
vulnerability VCID-hgwu-kg1s-ffcn
12
vulnerability VCID-kzvb-7yn4-qbb9
13
vulnerability VCID-m1gb-mydp-bbez
14
vulnerability VCID-mu4f-29hh-dbhp
15
vulnerability VCID-n722-gtzf-gqgd
16
vulnerability VCID-qmqy-eng1-3ka6
17
vulnerability VCID-t8kn-cm9s-yfgv
18
vulnerability VCID-tkhq-78vd-aygx
19
vulnerability VCID-ub1u-ev6d-sugd
20
vulnerability VCID-utck-uem9-n7a6
21
vulnerability VCID-w7wr-p69p-13dw
22
vulnerability VCID-ys36-9r8f-63ab
23
vulnerability VCID-z48y-dbfw-ubea
24
vulnerability VCID-znrm-edqa-nfbe
25
vulnerability VCID-zny3-fyqj-h7bm
26
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2
aliases CVE-2016-4042, GHSA-v4vj-49m5-wjhw, PYSEC-2017-56
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmp2-rsv7-auds
24
url VCID-t8kn-cm9s-yfgv
vulnerability_id VCID-t8kn-cm9s-yfgv
summary Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28736
reference_id
reference_type
scores
0
value 0.00484
scoring_system epss
scoring_elements 0.65733
published_at 2026-06-11T12:55:00Z
1
value 0.00484
scoring_system epss
scoring_elements 0.6583
published_at 2026-06-12T12:55:00Z
2
value 0.00484
scoring_system epss
scoring_elements 0.65844
published_at 2026-06-13T12:55:00Z
3
value 0.00484
scoring_system epss
scoring_elements 0.6584
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28736
1
reference_url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
2
reference_url https://github.com/advisories/GHSA-2c8c-84w2-j38j
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2c8c-84w2-j38j
3
reference_url https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/3209
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28736
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28736
6
reference_url https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.misakikata.com/codes/plone/python-en.html
fixed_packages
0
url pkg:pypi/plone@5.2.3
purl pkg:pypi/plone@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ym8-nhsc-j7hf
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7w2h-6rxu-xqcd
3
vulnerability VCID-9qpy-74mb-cfc6
4
vulnerability VCID-br6e-6exv-ykg6
5
vulnerability VCID-d874-w13w-qkey
6
vulnerability VCID-hb8u-3ubs-x7hf
7
vulnerability VCID-hgwu-kg1s-ffcn
8
vulnerability VCID-mu4f-29hh-dbhp
9
vulnerability VCID-qmqy-eng1-3ka6
10
vulnerability VCID-z48y-dbfw-ubea
11
vulnerability VCID-znrm-edqa-nfbe
12
vulnerability VCID-zny3-fyqj-h7bm
13
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3
aliases CVE-2020-28736, GHSA-2c8c-84w2-j38j, PYSEC-2020-248
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8kn-cm9s-yfgv
25
url VCID-tkhq-78vd-aygx
vulnerability_id VCID-tkhq-78vd-aygx
summary An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7936.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7936.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7936
reference_id
reference_type
scores
0
value 0.0034
scoring_system epss
scoring_elements 0.57102
published_at 2026-06-11T12:55:00Z
1
value 0.0034
scoring_system epss
scoring_elements 0.57221
published_at 2026-06-12T12:55:00Z
2
value 0.0034
scoring_system epss
scoring_elements 0.57235
published_at 2026-06-13T12:55:00Z
3
value 0.0034
scoring_system epss
scoring_elements 0.57228
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7936
2
reference_url https://github.com/advisories/GHSA-82j9-wfcf-9v2h
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-82j9-wfcf-9v2h
3
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7936
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7936
6
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121
7
reference_url https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places
8
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/01/22/1
9
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/24/1
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1798205
reference_id 1798205
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1798205
fixed_packages
0
url pkg:pypi/plone@4.3.20
purl pkg:pypi/plone@4.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7h1m-1f34-5qcs
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-mu4f-29hh-dbhp
12
vulnerability VCID-n722-gtzf-gqgd
13
vulnerability VCID-nzjx-cckn-dfbc
14
vulnerability VCID-qmqy-eng1-3ka6
15
vulnerability VCID-rmp2-rsv7-auds
16
vulnerability VCID-t8kn-cm9s-yfgv
17
vulnerability VCID-tkhq-78vd-aygx
18
vulnerability VCID-ub1u-ev6d-sugd
19
vulnerability VCID-utck-uem9-n7a6
20
vulnerability VCID-z48y-dbfw-ubea
21
vulnerability VCID-znrm-edqa-nfbe
22
vulnerability VCID-zny3-fyqj-h7bm
23
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.20
1
url pkg:pypi/plone@5.1.7
purl pkg:pypi/plone@5.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-m1gb-mydp-bbez
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-qmqy-eng1-3ka6
14
vulnerability VCID-t8kn-cm9s-yfgv
15
vulnerability VCID-tkhq-78vd-aygx
16
vulnerability VCID-ub1u-ev6d-sugd
17
vulnerability VCID-utck-uem9-n7a6
18
vulnerability VCID-z48y-dbfw-ubea
19
vulnerability VCID-znrm-edqa-nfbe
20
vulnerability VCID-zny3-fyqj-h7bm
21
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7
2
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-9qpy-74mb-cfc6
5
vulnerability VCID-br6e-6exv-ykg6
6
vulnerability VCID-d874-w13w-qkey
7
vulnerability VCID-hb8u-3ubs-x7hf
8
vulnerability VCID-hgwu-kg1s-ffcn
9
vulnerability VCID-mu4f-29hh-dbhp
10
vulnerability VCID-qmqy-eng1-3ka6
11
vulnerability VCID-t8kn-cm9s-yfgv
12
vulnerability VCID-utck-uem9-n7a6
13
vulnerability VCID-z48y-dbfw-ubea
14
vulnerability VCID-znrm-edqa-nfbe
15
vulnerability VCID-zny3-fyqj-h7bm
16
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7936, GHSA-82j9-wfcf-9v2h, PYSEC-2020-85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tkhq-78vd-aygx
26
url VCID-ub1u-ev6d-sugd
vulnerability_id VCID-ub1u-ev6d-sugd
summary A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7941.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7941.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7941
reference_id
reference_type
scores
0
value 0.00619
scoring_system epss
scoring_elements 0.70507
published_at 2026-06-11T12:55:00Z
1
value 0.00619
scoring_system epss
scoring_elements 0.70597
published_at 2026-06-12T12:55:00Z
2
value 0.00619
scoring_system epss
scoring_elements 0.70611
published_at 2026-06-13T12:55:00Z
3
value 0.00619
scoring_system epss
scoring_elements 0.70608
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7941
2
reference_url https://github.com/plone/plone.app.contenttypes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/plone/plone.app.contenttypes
3
reference_url https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7941
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7941
6
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121
7
reference_url https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
8
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/01/22/1
9
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/24/1
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1798201
reference_id 1798201
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1798201
11
reference_url https://github.com/advisories/GHSA-w6g9-xccc-347h
reference_id GHSA-w6g9-xccc-347h
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w6g9-xccc-347h
fixed_packages
0
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-9qpy-74mb-cfc6
5
vulnerability VCID-br6e-6exv-ykg6
6
vulnerability VCID-d874-w13w-qkey
7
vulnerability VCID-hb8u-3ubs-x7hf
8
vulnerability VCID-hgwu-kg1s-ffcn
9
vulnerability VCID-mu4f-29hh-dbhp
10
vulnerability VCID-qmqy-eng1-3ka6
11
vulnerability VCID-t8kn-cm9s-yfgv
12
vulnerability VCID-utck-uem9-n7a6
13
vulnerability VCID-z48y-dbfw-ubea
14
vulnerability VCID-znrm-edqa-nfbe
15
vulnerability VCID-zny3-fyqj-h7bm
16
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7941, GHSA-w6g9-xccc-347h, PYSEC-2020-90
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ub1u-ev6d-sugd
27
url VCID-utck-uem9-n7a6
vulnerability_id VCID-utck-uem9-n7a6
summary Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28735
reference_id
reference_type
scores
0
value 0.00484
scoring_system epss
scoring_elements 0.65733
published_at 2026-06-11T12:55:00Z
1
value 0.00484
scoring_system epss
scoring_elements 0.6583
published_at 2026-06-12T12:55:00Z
2
value 0.00484
scoring_system epss
scoring_elements 0.65844
published_at 2026-06-13T12:55:00Z
3
value 0.00484
scoring_system epss
scoring_elements 0.6584
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28735
1
reference_url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
2
reference_url https://github.com/advisories/GHSA-x7wf-5mjc-6x76
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-x7wf-5mjc-6x76
3
reference_url https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/3209
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28735
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28735
6
reference_url https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.misakikata.com/codes/plone/python-en.html
fixed_packages
0
url pkg:pypi/plone@5.2.3
purl pkg:pypi/plone@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ym8-nhsc-j7hf
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7w2h-6rxu-xqcd
3
vulnerability VCID-9qpy-74mb-cfc6
4
vulnerability VCID-br6e-6exv-ykg6
5
vulnerability VCID-d874-w13w-qkey
6
vulnerability VCID-hb8u-3ubs-x7hf
7
vulnerability VCID-hgwu-kg1s-ffcn
8
vulnerability VCID-mu4f-29hh-dbhp
9
vulnerability VCID-qmqy-eng1-3ka6
10
vulnerability VCID-z48y-dbfw-ubea
11
vulnerability VCID-znrm-edqa-nfbe
12
vulnerability VCID-zny3-fyqj-h7bm
13
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3
aliases CVE-2020-28735, GHSA-x7wf-5mjc-6x76, PYSEC-2020-247
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utck-uem9-n7a6
28
url VCID-w7wr-p69p-13dw
vulnerability_id VCID-w7wr-p69p-13dw
summary Plone Unauthorized Access Vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000483.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000483.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000483
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.53248
published_at 2026-06-12T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.53121
published_at 2026-06-11T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.5325
published_at 2026-06-14T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.53263
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000483
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml
4
reference_url https://plone.org/security/hotfix/20171128/sandbox-escape
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20171128/sandbox-escape
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1532484
reference_id 1532484
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1532484
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000483
reference_id CVE-2017-1000483
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000483
7
reference_url https://github.com/advisories/GHSA-qc57-h2f7-p4hx
reference_id GHSA-qc57-h2f7-p4hx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qc57-h2f7-p4hx
fixed_packages
0
url pkg:pypi/plone@4.3.16
purl pkg:pypi/plone@4.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7h1m-1f34-5qcs
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-mu4f-29hh-dbhp
12
vulnerability VCID-n722-gtzf-gqgd
13
vulnerability VCID-nzjx-cckn-dfbc
14
vulnerability VCID-qmqy-eng1-3ka6
15
vulnerability VCID-rmp2-rsv7-auds
16
vulnerability VCID-t8kn-cm9s-yfgv
17
vulnerability VCID-tkhq-78vd-aygx
18
vulnerability VCID-ub1u-ev6d-sugd
19
vulnerability VCID-utck-uem9-n7a6
20
vulnerability VCID-z48y-dbfw-ubea
21
vulnerability VCID-znrm-edqa-nfbe
22
vulnerability VCID-zny3-fyqj-h7bm
23
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16
1
url pkg:pypi/plone@5.1.0
purl pkg:pypi/plone@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-m1gb-mydp-bbez
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-qmqy-eng1-3ka6
14
vulnerability VCID-t8kn-cm9s-yfgv
15
vulnerability VCID-tkhq-78vd-aygx
16
vulnerability VCID-ub1u-ev6d-sugd
17
vulnerability VCID-utck-uem9-n7a6
18
vulnerability VCID-z48y-dbfw-ubea
19
vulnerability VCID-znrm-edqa-nfbe
20
vulnerability VCID-zny3-fyqj-h7bm
21
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0
aliases CVE-2017-1000483, GHSA-qc57-h2f7-p4hx, PYSEC-2018-72
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7wr-p69p-13dw
29
url VCID-xzvt-13fh-tubp
vulnerability_id VCID-xzvt-13fh-tubp
summary Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.
references
0
reference_url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7135.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7135.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7135
reference_id
reference_type
scores
0
value 0.007
scoring_system epss
scoring_elements 0.72572
published_at 2026-06-14T12:55:00Z
1
value 0.007
scoring_system epss
scoring_elements 0.72484
published_at 2026-06-11T12:55:00Z
2
value 0.007
scoring_system epss
scoring_elements 0.72562
published_at 2026-06-12T12:55:00Z
3
value 0.007
scoring_system epss
scoring_elements 0.72576
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7135
3
reference_url http://seclists.org/fulldisclosure/2016/Oct/80
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2016/Oct/80
4
reference_url https://github.com/advisories/GHSA-m7f9-65wr-pwch
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m7f9-65wr-pwch
5
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-58.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-58.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7135
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7135
8
reference_url https://plone.org/security/hotfix/20160830/filesystem-information-leak
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20160830/filesystem-information-leak
9
reference_url https://pypi.org/project/Products.PloneHotfix20160830
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Products.PloneHotfix20160830
10
reference_url https://web.archive.org/web/20200227230348/http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227230348/http://www.securityfocus.com/bid/92752
11
reference_url https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207134911/http://www.securityfocus.com/archive/1/539572/100/0/threaded
12
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/4
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/4
13
reference_url http://www.openwall.com/lists/oss-security/2016/09/05/5
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/09/05/5
14
reference_url http://www.securityfocus.com/archive/1/539572/100/0/threaded
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/539572/100/0/threaded
15
reference_url http://www.securityfocus.com/bid/92752
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/92752
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1373397
reference_id 1373397
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1373397
fixed_packages
0
url pkg:pypi/plone@4.3.12
purl pkg:pypi/plone@4.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-37gz-3kz2-pyh5
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7h1m-1f34-5qcs
4
vulnerability VCID-7w2h-6rxu-xqcd
5
vulnerability VCID-8kb4-bxbj-4udw
6
vulnerability VCID-9qpy-74mb-cfc6
7
vulnerability VCID-br6e-6exv-ykg6
8
vulnerability VCID-d874-w13w-qkey
9
vulnerability VCID-hb8u-3ubs-x7hf
10
vulnerability VCID-hgwu-kg1s-ffcn
11
vulnerability VCID-kzvb-7yn4-qbb9
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-n722-gtzf-gqgd
14
vulnerability VCID-nzjx-cckn-dfbc
15
vulnerability VCID-qmqy-eng1-3ka6
16
vulnerability VCID-rmp2-rsv7-auds
17
vulnerability VCID-t8kn-cm9s-yfgv
18
vulnerability VCID-tkhq-78vd-aygx
19
vulnerability VCID-ub1u-ev6d-sugd
20
vulnerability VCID-utck-uem9-n7a6
21
vulnerability VCID-w7wr-p69p-13dw
22
vulnerability VCID-ys36-9r8f-63ab
23
vulnerability VCID-z48y-dbfw-ubea
24
vulnerability VCID-znrm-edqa-nfbe
25
vulnerability VCID-zny3-fyqj-h7bm
26
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12
1
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-37gz-3kz2-pyh5
3
vulnerability VCID-4yk1-dgbv-rubx
4
vulnerability VCID-6e71-df37-yyf1
5
vulnerability VCID-7w2h-6rxu-xqcd
6
vulnerability VCID-8kb4-bxbj-4udw
7
vulnerability VCID-9qpy-74mb-cfc6
8
vulnerability VCID-br6e-6exv-ykg6
9
vulnerability VCID-d874-w13w-qkey
10
vulnerability VCID-hb8u-3ubs-x7hf
11
vulnerability VCID-hgwu-kg1s-ffcn
12
vulnerability VCID-kzvb-7yn4-qbb9
13
vulnerability VCID-m1gb-mydp-bbez
14
vulnerability VCID-mu4f-29hh-dbhp
15
vulnerability VCID-n722-gtzf-gqgd
16
vulnerability VCID-nzjx-cckn-dfbc
17
vulnerability VCID-qmqy-eng1-3ka6
18
vulnerability VCID-rmp2-rsv7-auds
19
vulnerability VCID-t8kn-cm9s-yfgv
20
vulnerability VCID-tkhq-78vd-aygx
21
vulnerability VCID-ub1u-ev6d-sugd
22
vulnerability VCID-utck-uem9-n7a6
23
vulnerability VCID-w7wr-p69p-13dw
24
vulnerability VCID-ys36-9r8f-63ab
25
vulnerability VCID-z48y-dbfw-ubea
26
vulnerability VCID-znrm-edqa-nfbe
27
vulnerability VCID-zny3-fyqj-h7bm
28
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
aliases CVE-2016-7135, GHSA-m7f9-65wr-pwch, PYSEC-2017-58
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xzvt-13fh-tubp
30
url VCID-ys36-9r8f-63ab
vulnerability_id VCID-ys36-9r8f-63ab
summary When you visit a page where you need to log in, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous URL. After you log in, you get redirected to the page you tried to view before. An attacker might try to abuse this by getting you to click on a specially crafted link. You would log in and get redirected to the attacker's site, letting you think that you are still on the original Plone site. Or some of the attacker's JavaScript could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000481
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41711
published_at 2026-06-12T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.41719
published_at 2026-06-14T12:55:00Z
2
value 0.00197
scoring_system epss
scoring_elements 0.41729
published_at 2026-06-13T12:55:00Z
3
value 0.00197
scoring_system epss
scoring_elements 0.41545
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000481
2
reference_url https://github.com/advisories/GHSA-8g72-gq68-6gqh
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g72-gq68-6gqh
3
reference_url https://github.com/plone/Products.CMFPlone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone
4
reference_url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab
5
reference_url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b
6
reference_url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8
7
reference_url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373
8
reference_url https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/issues/2232
9
reference_url https://github.com/plone/Products.CMFPlone/pull/2233
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2233
10
reference_url https://github.com/plone/Products.CMFPlone/pull/2234
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2234
11
reference_url https://github.com/plone/Products.CMFPlone/pull/2235
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2235
12
reference_url https://github.com/plone/Products.CMFPlone/pull/2236
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Products.CMFPlone/pull/2236
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000481
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000481
15
reference_url https://plone.org/security/hotfix/20171128/open-redirection-on-login-form
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20171128/open-redirection-on-login-form
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1532489
reference_id 1532489
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1532489
fixed_packages
0
url pkg:pypi/plone@4.3.16
purl pkg:pypi/plone@4.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-4yk1-dgbv-rubx
2
vulnerability VCID-7h1m-1f34-5qcs
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-mu4f-29hh-dbhp
12
vulnerability VCID-n722-gtzf-gqgd
13
vulnerability VCID-nzjx-cckn-dfbc
14
vulnerability VCID-qmqy-eng1-3ka6
15
vulnerability VCID-rmp2-rsv7-auds
16
vulnerability VCID-t8kn-cm9s-yfgv
17
vulnerability VCID-tkhq-78vd-aygx
18
vulnerability VCID-ub1u-ev6d-sugd
19
vulnerability VCID-utck-uem9-n7a6
20
vulnerability VCID-z48y-dbfw-ubea
21
vulnerability VCID-znrm-edqa-nfbe
22
vulnerability VCID-zny3-fyqj-h7bm
23
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16
1
url pkg:pypi/plone@5.1.0
purl pkg:pypi/plone@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-213v-yc9d-u7dx
1
vulnerability VCID-2ym8-nhsc-j7hf
2
vulnerability VCID-4yk1-dgbv-rubx
3
vulnerability VCID-7w2h-6rxu-xqcd
4
vulnerability VCID-8kb4-bxbj-4udw
5
vulnerability VCID-9qpy-74mb-cfc6
6
vulnerability VCID-br6e-6exv-ykg6
7
vulnerability VCID-d874-w13w-qkey
8
vulnerability VCID-hb8u-3ubs-x7hf
9
vulnerability VCID-hgwu-kg1s-ffcn
10
vulnerability VCID-kzvb-7yn4-qbb9
11
vulnerability VCID-m1gb-mydp-bbez
12
vulnerability VCID-mu4f-29hh-dbhp
13
vulnerability VCID-qmqy-eng1-3ka6
14
vulnerability VCID-t8kn-cm9s-yfgv
15
vulnerability VCID-tkhq-78vd-aygx
16
vulnerability VCID-ub1u-ev6d-sugd
17
vulnerability VCID-utck-uem9-n7a6
18
vulnerability VCID-z48y-dbfw-ubea
19
vulnerability VCID-znrm-edqa-nfbe
20
vulnerability VCID-zny3-fyqj-h7bm
21
vulnerability VCID-zpcq-187m-p3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0
aliases CVE-2017-1000481, GHSA-8g72-gq68-6gqh, PYSEC-2018-70
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ys36-9r8f-63ab
31
url VCID-z48y-dbfw-ubea
vulnerability_id VCID-z48y-dbfw-ubea
summary Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33513
reference_id
reference_type
scores
0
value 0.00302
scoring_system epss
scoring_elements 0.53951
published_at 2026-06-11T12:55:00Z
1
value 0.00302
scoring_system epss
scoring_elements 0.54077
published_at 2026-06-12T12:55:00Z
2
value 0.00302
scoring_system epss
scoring_elements 0.54095
published_at 2026-06-13T12:55:00Z
3
value 0.00302
scoring_system epss
scoring_elements 0.54081
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33513
1
reference_url https://github.com/advisories/GHSA-fj67-w3m4-rfmp
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fj67-w3m4-rfmp
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33513
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33513
5
reference_url https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hb8u-3ubs-x7hf
1
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33513, GHSA-fj67-w3m4-rfmp, PYSEC-2021-85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z48y-dbfw-ubea
32
url VCID-znrm-edqa-nfbe
vulnerability_id VCID-znrm-edqa-nfbe
summary Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website by sending a crafted request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22889
reference_id
reference_type
scores
0
value 0.00554
scoring_system epss
scoring_elements 0.68625
published_at 2026-06-12T12:55:00Z
1
value 0.00554
scoring_system epss
scoring_elements 0.68634
published_at 2026-06-14T12:55:00Z
2
value 0.00554
scoring_system epss
scoring_elements 0.68536
published_at 2026-06-11T12:55:00Z
3
value 0.00554
scoring_system epss
scoring_elements 0.68639
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22889
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22889
reference_id CVE-2024-22889
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22889
3
reference_url https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9
reference_id CVE-2024-22889-Plone-v6.0.9
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:30:42Z/
url https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9
4
reference_url https://github.com/advisories/GHSA-xg5p-8wg5-rhxm
reference_id GHSA-xg5p-8wg5-rhxm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg5p-8wg5-rhxm
fixed_packages
0
url pkg:pypi/plone@6.0.10
purl pkg:pypi/plone@6.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.10
aliases CVE-2024-22889, GHSA-xg5p-8wg5-rhxm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znrm-edqa-nfbe
33
url VCID-zny3-fyqj-h7bm
vulnerability_id VCID-zny3-fyqj-h7bm
summary Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33508
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50962
published_at 2026-06-11T12:55:00Z
1
value 0.00272
scoring_system epss
scoring_elements 0.51093
published_at 2026-06-12T12:55:00Z
2
value 0.00272
scoring_system epss
scoring_elements 0.51106
published_at 2026-06-13T12:55:00Z
3
value 0.00272
scoring_system epss
scoring_elements 0.51094
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33508
1
reference_url https://github.com/advisories/GHSA-rmpv-rcp6-v8wc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rmpv-rcp6-v8wc
2
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/plone/Plone
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33508
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33508
5
reference_url https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hb8u-3ubs-x7hf
1
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33508, GHSA-rmpv-rcp6-v8wc, PYSEC-2021-80
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zny3-fyqj-h7bm
34
url VCID-zpcq-187m-p3hk
vulnerability_id VCID-zpcq-187m-p3hk
summary Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32633
reference_id
reference_type
scores
0
value 0.00943
scoring_system epss
scoring_elements 0.7679
published_at 2026-06-12T12:55:00Z
1
value 0.00943
scoring_system epss
scoring_elements 0.76722
published_at 2026-06-11T12:55:00Z
2
value 0.00943
scoring_system epss
scoring_elements 0.76798
published_at 2026-06-14T12:55:00Z
3
value 0.00943
scoring_system epss
scoring_elements 0.76804
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32633
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32674
reference_id
reference_type
scores
0
value 0.00801
scoring_system epss
scoring_elements 0.74584
published_at 2026-06-12T12:55:00Z
1
value 0.00801
scoring_system epss
scoring_elements 0.74597
published_at 2026-06-13T12:55:00Z
2
value 0.00801
scoring_system epss
scoring_elements 0.74512
published_at 2026-06-11T12:55:00Z
3
value 0.00801
scoring_system epss
scoring_elements 0.74596
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32674
2
reference_url https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633
3
reference_url https://github.com/advisories/GHSA-5vq5-pg3r-9ph3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5vq5-pg3r-9ph3
4
reference_url https://github.com/advisories/GHSA-962m-m8jw-8wrr
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-962m-m8jw-8wrr
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-104.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-104.yaml
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-88.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-88.yaml
7
reference_url https://github.com/zopefoundation/Zope
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/Zope
8
reference_url https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21
9
reference_url https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91
10
reference_url https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
4
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
5
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36
11
reference_url https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32633
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32633
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32674
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32674
14
reference_url https://pypi.org/project/Zope
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Zope
15
reference_url https://pypi.org/project/Zope/
reference_id
reference_type
scores
url https://pypi.org/project/Zope/
16
reference_url http://www.openwall.com/lists/oss-security/2021/05/21/1
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/21/1
17
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/22/1
18
reference_url https://github.com/advisories/GHSA-5pr9-v234-jw36
reference_id GHSA-5pr9-v234-jw36
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5pr9-v234-jw36
19
reference_url https://github.com/advisories/GHSA-rpcg-f9q6-2mq6
reference_id GHSA-rpcg-f9q6-2mq6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rpcg-f9q6-2mq6
fixed_packages
0
url pkg:pypi/plone@5.0a1
purl pkg:pypi/plone@5.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14h5-hnhw-zuc2
1
vulnerability VCID-177r-1ryk-pfbp
2
vulnerability VCID-213v-yc9d-u7dx
3
vulnerability VCID-37gz-3kz2-pyh5
4
vulnerability VCID-3kbx-xrnj-nyfu
5
vulnerability VCID-4yk1-dgbv-rubx
6
vulnerability VCID-7w2h-6rxu-xqcd
7
vulnerability VCID-8kb4-bxbj-4udw
8
vulnerability VCID-9qpy-74mb-cfc6
9
vulnerability VCID-br6e-6exv-ykg6
10
vulnerability VCID-d874-w13w-qkey
11
vulnerability VCID-ezb4-3xtr-h3g6
12
vulnerability VCID-hb8u-3ubs-x7hf
13
vulnerability VCID-hgwu-kg1s-ffcn
14
vulnerability VCID-kzvb-7yn4-qbb9
15
vulnerability VCID-mu4f-29hh-dbhp
16
vulnerability VCID-n722-gtzf-gqgd
17
vulnerability VCID-nzjx-cckn-dfbc
18
vulnerability VCID-qmqy-eng1-3ka6
19
vulnerability VCID-rmp2-rsv7-auds
20
vulnerability VCID-rxv3-yw68-a3cp
21
vulnerability VCID-t8kn-cm9s-yfgv
22
vulnerability VCID-tkhq-78vd-aygx
23
vulnerability VCID-ub1u-ev6d-sugd
24
vulnerability VCID-utck-uem9-n7a6
25
vulnerability VCID-z48y-dbfw-ubea
26
vulnerability VCID-znrm-edqa-nfbe
27
vulnerability VCID-zny3-fyqj-h7bm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0a1
1
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hb8u-3ubs-x7hf
1
vulnerability VCID-znrm-edqa-nfbe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-32633, CVE-2021-32674, GHSA-5pr9-v234-jw36, GHSA-5vq5-pg3r-9ph3, GHSA-962m-m8jw-8wrr, GHSA-rpcg-f9q6-2mq6, PYSEC-2021-104, PYSEC-2021-88
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpcq-187m-p3hk
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.9