{"url":"http://public2.vulnerablecode.io/api/packages/48636?format=json","purl":"pkg:pypi/plone@5.0rc2","type":"pypi","namespace":"","name":"plone","version":"5.0rc2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.10","latest_non_vulnerable_version":"6.0.10","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217525?format=json","vulnerability_id":"VCID-177r-1ryk-pfbp","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7140.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7140.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7140","reference_id":"","reference_type":"","scores":[{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.66058","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.66153","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.66167","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7140"},{"reference_url":"http://seclists.org/fulldisclosure/2016/Oct/80","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2016/Oct/80"},{"reference_url":"https://github.com/advisories/GHSA-chvw-gjxf-f8mc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-chvw-gjxf-f8mc"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-63.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-63.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7140","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7140"},{"reference_url":"https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/09/05/4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/09/05/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/09/05/5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/09/05/5"},{"reference_url":"http://www.securityfocus.com/archive/1/539572/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/539572/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/92752","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1373466","reference_id":"1373466","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1373466"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13146?format=json","purl":"pkg:pypi/plone@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-6e71-df37-yyf1"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7"}],"aliases":["CVE-2016-7140","GHSA-chvw-gjxf-f8mc","PYSEC-2017-63"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-177r-1ryk-pfbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218089?format=json","vulnerability_id":"VCID-213v-yc9d-u7dx","summary":"Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28734","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65733","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.6583","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65844","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28734"},{"reference_url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt"},{"reference_url":"https://github.com/advisories/GHSA-wq6x-g685-w5f2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq6x-g685-w5f2"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3209","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/3209"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28734","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28734"},{"reference_url":"https://www.misakikata.com/codes/plone/python-en.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.misakikata.com/codes/plone/python-en.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23898?format=json","purl":"pkg:pypi/plone@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3"}],"aliases":["CVE-2020-28734","GHSA-wq6x-g685-w5f2","PYSEC-2020-246"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-213v-yc9d-u7dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217640?format=json","vulnerability_id":"VCID-37gz-3kz2-pyh5","summary":"A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000482","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52554","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52683","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52697","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000482"},{"reference_url":"https://github.com/advisories/GHSA-859j-668v-mrr6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-859j-668v-mrr6"},{"reference_url":"https://github.com/plone/Products.CMFPlone","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/2232","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/2232"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2233","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2233"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2234","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2234"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2235","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2235"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2236","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2236"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000482","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000482"},{"reference_url":"https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532485","reference_id":"1532485","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532485"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14660?format=json","purl":"pkg:pypi/plone@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0"}],"aliases":["CVE-2017-1000482","GHSA-859j-668v-mrr6","PYSEC-2018-71"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37gz-3kz2-pyh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/156864?format=json","vulnerability_id":"VCID-4yk1-dgbv-rubx","summary":"An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33926","reference_id":"","reference_type":"","scores":[{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66463","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.6657","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66556","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33926"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33926","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33926"},{"reference_url":"https://plone.org/security/hotfix/20210518","reference_id":"20210518","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/"}],"url":"https://plone.org/security/hotfix/20210518"},{"reference_url":"https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url","reference_id":"blind-ssrf-via-feedparser-accessing-an-internal-url","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/"}],"url":"https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url"},{"reference_url":"https://github.com/advisories/GHSA-47p5-p3jw-w78w","reference_id":"GHSA-47p5-p3jw-w78w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47p5-p3jw-w78w"},{"reference_url":"https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf","reference_id":"Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/"}],"url":"https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64644?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-znrm-edqa-nfbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33926","GHSA-47p5-p3jw-w78w","PYSEC-2023-289"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4yk1-dgbv-rubx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217514?format=json","vulnerability_id":"VCID-6e71-df37-yyf1","summary":"Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4043","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33747","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33927","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3395","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4043"},{"reference_url":"https://github.com/advisories/GHSA-6h8x-73fx-q2h9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6h8x-73fx-q2h9"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-57.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-57.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4043","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4043"},{"reference_url":"https://plone.org/security/hotfix/20160419/bypass-restricted-python","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20160419/bypass-restricted-python"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/04/20/3","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/04/20/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48490?format=json","purl":"pkg:pypi/plone@5.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-6e71-df37-yyf1"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-xzvt-13fh-tubp"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/13150?format=json","purl":"pkg:pypi/plone@5.1a2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2"}],"aliases":["CVE-2016-4043","GHSA-6h8x-73fx-q2h9","PYSEC-2017-57"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6e71-df37-yyf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218160?format=json","vulnerability_id":"VCID-7w2h-6rxu-xqcd","summary":"Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33507","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52353","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52482","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52494","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33507"},{"reference_url":"https://github.com/advisories/GHSA-35rg-466w-77h3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-35rg-466w-77h3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33507","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33507"},{"reference_url":"https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64644?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-znrm-edqa-nfbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33507","GHSA-35rg-466w-77h3","PYSEC-2021-79"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7w2h-6rxu-xqcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217866?format=json","vulnerability_id":"VCID-8kb4-bxbj-4udw","summary":"SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7939.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7939.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7939","reference_id":"","reference_type":"","scores":[{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61448","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61552","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61559","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7939"},{"reference_url":"https://github.com/advisories/GHSA-hhmf-7rgg-gcw5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhmf-7rgg-gcw5"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-88.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-88.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7939","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7939"},{"reference_url":"https://plone.org/security/hotfix/20200121","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121"},{"reference_url":"https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/01/22/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/01/22/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/24/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/01/24/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798204","reference_id":"1798204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798204"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56455?format=json","purl":"pkg:pypi/plone@5.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2"}],"aliases":["CVE-2020-7939","GHSA-hhmf-7rgg-gcw5","PYSEC-2020-88"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8kb4-bxbj-4udw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210426?format=json","vulnerability_id":"VCID-9qpy-74mb-cfc6","summary":"Plone XSS in User Fullname Property and File Upload","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3313","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63916","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63814","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63929","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3313"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml"},{"reference_url":"https://plone.org/download/releases/5.2.3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/download/releases/5.2.3"},{"reference_url":"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html"},{"reference_url":"https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname"},{"reference_url":"https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3313","reference_id":"CVE-2021-3313","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3313"},{"reference_url":"https://github.com/advisories/GHSA-hprr-4vfq-fcxw","reference_id":"GHSA-hprr-4vfq-fcxw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hprr-4vfq-fcxw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23391?format=json","purl":"pkg:pypi/plone@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4"}],"aliases":["CVE-2021-3313","GHSA-hprr-4vfq-fcxw","PYSEC-2021-78"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qpy-74mb-cfc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218156?format=json","vulnerability_id":"VCID-br6e-6exv-ykg6","summary":"Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33511","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5134","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51471","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51485","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33511"},{"reference_url":"https://github.com/advisories/GHSA-gc9g-67cq-p7v4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc9g-67cq-p7v4"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33511","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33511"},{"reference_url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64644?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-znrm-edqa-nfbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33511","GHSA-gc9g-67cq-p7v4","PYSEC-2021-83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-br6e-6exv-ykg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210631?format=json","vulnerability_id":"VCID-d874-w13w-qkey","summary":"Plone XSS Vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29002","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54553","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54696","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54679","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29002"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3255","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/3255"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-889.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-889.yaml"},{"reference_url":"https://www.exploit-db.com/exploits/49668","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/49668"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29002","reference_id":"CVE-2021-29002","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29002"},{"reference_url":"https://github.com/advisories/GHSA-38g6-x6jv-jwff","reference_id":"GHSA-38g6-x6jv-jwff","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38g6-x6jv-jwff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23391?format=json","purl":"pkg:pypi/plone@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4"}],"aliases":["CVE-2021-29002","GHSA-38g6-x6jv-jwff","PYSEC-2021-889"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d874-w13w-qkey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200674?format=json","vulnerability_id":"VCID-ezb4-3xtr-h3g6","summary":"Plone Sandbox Escape","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5524.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5524.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5524","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40073","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40265","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40241","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5524"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/1912","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/1912"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml"},{"reference_url":"https://plone.org/security/hotfix/20170117/sandbox-escape","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20170117/sandbox-escape"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/01/18/6","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2017/01/18/6"},{"reference_url":"http://www.securityfocus.com/bid/95679","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95679"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436640","reference_id":"1436640","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436640"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5524","reference_id":"CVE-2017-5524","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5524"},{"reference_url":"https://github.com/advisories/GHSA-p5wr-vp8g-q5p4","reference_id":"GHSA-p5wr-vp8g-q5p4","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p5wr-vp8g-q5p4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13146?format=json","purl":"pkg:pypi/plone@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-6e71-df37-yyf1"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/13151?format=json","purl":"pkg:pypi/plone@5.1b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1b1"}],"aliases":["CVE-2017-5524","GHSA-p5wr-vp8g-q5p4","PYSEC-2017-81"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezb4-3xtr-h3g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211637?format=json","vulnerability_id":"VCID-hb8u-3ubs-x7hf","summary":"Cross-Frame Scripting vulnerability has been found on Plone CMS","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0669","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16087","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15946","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16098","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0669"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0669","reference_id":"CVE-2024-0669","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0669"},{"reference_url":"https://github.com/advisories/GHSA-5xfx-55x4-j223","reference_id":"GHSA-5xfx-55x4-j223","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xfx-55x4-j223"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/685947?format=json","purl":"pkg:pypi/plone@6.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-znrm-edqa-nfbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/28441?format=json","purl":"pkg:pypi/plone@6.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-znrm-edqa-nfbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.7"}],"aliases":["CVE-2024-0669","GHSA-5xfx-55x4-j223"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hb8u-3ubs-x7hf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218158?format=json","vulnerability_id":"VCID-hgwu-kg1s-ffcn","summary":"Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33512","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53951","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.54077","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.54095","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33512"},{"reference_url":"https://github.com/advisories/GHSA-hm2h-f456-6j88","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm2h-f456-6j88"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33512","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33512"},{"reference_url":"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64644?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-znrm-edqa-nfbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33512","GHSA-hm2h-f456-6j88","PYSEC-2021-84"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgwu-kg1s-ffcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217868?format=json","vulnerability_id":"VCID-kzvb-7yn4-qbb9","summary":"Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7940.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7940.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7940","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57112","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5723","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57245","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7940"},{"reference_url":"https://github.com/advisories/GHSA-cw58-gpgw-hwx2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cw58-gpgw-hwx2"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7940","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7940"},{"reference_url":"https://plone.org/security/hotfix/20200121","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121"},{"reference_url":"https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/01/22/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/01/22/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/24/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/01/24/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798203","reference_id":"1798203","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798203"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:pypi/plone@5.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/56454?format=json","purl":"pkg:pypi/plone@5.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q73-sfre-3ffg"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/56455?format=json","purl":"pkg:pypi/plone@5.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2"}],"aliases":["CVE-2020-7940","GHSA-cw58-gpgw-hwx2","PYSEC-2020-89"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzvb-7yn4-qbb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218155?format=json","vulnerability_id":"VCID-mu4f-29hh-dbhp","summary":"Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33509","reference_id":"","reference_type":"","scores":[{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.75265","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.75335","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.75349","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33509"},{"reference_url":"https://github.com/advisories/GHSA-hm2p-fhwx-9285","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm2p-fhwx-9285"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33509","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33509"},{"reference_url":"https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64644?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-znrm-edqa-nfbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33509","GHSA-hm2p-fhwx-9285","PYSEC-2021-81"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mu4f-29hh-dbhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202775?format=json","vulnerability_id":"VCID-n722-gtzf-gqgd","summary":"Plone Open Redirect","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000484.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000484.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000484","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41545","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41729","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41711","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000484"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/2232","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/2232"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml"},{"reference_url":"https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532487","reference_id":"1532487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532487"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000484","reference_id":"CVE-2017-1000484","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000484"},{"reference_url":"https://github.com/advisories/GHSA-xvwv-6wvx-px9x","reference_id":"GHSA-xvwv-6wvx-px9x","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvwv-6wvx-px9x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14660?format=json","purl":"pkg:pypi/plone@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0"}],"aliases":["CVE-2017-1000484","GHSA-xvwv-6wvx-px9x","PYSEC-2018-73"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n722-gtzf-gqgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217512?format=json","vulnerability_id":"VCID-nzjx-cckn-dfbc","summary":"Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4041","reference_id":"","reference_type":"","scores":[{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62909","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.63011","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.63023","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4041"},{"reference_url":"https://github.com/advisories/GHSA-qqgj-22gr-73vx","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqgj-22gr-73vx"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4041","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4041"},{"reference_url":"https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/04/20/1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/04/20/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48490?format=json","purl":"pkg:pypi/plone@5.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-6e71-df37-yyf1"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-xzvt-13fh-tubp"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/13150?format=json","purl":"pkg:pypi/plone@5.1a2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2"}],"aliases":["CVE-2016-4041","GHSA-qqgj-22gr-73vx","PYSEC-2017-55"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nzjx-cckn-dfbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218159?format=json","vulnerability_id":"VCID-qmqy-eng1-3ka6","summary":"Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33510","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30522","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30718","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30737","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33510"},{"reference_url":"https://github.com/advisories/GHSA-4mg4-wvmx-5332","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4mg4-wvmx-5332"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33510","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33510"},{"reference_url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64644?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-znrm-edqa-nfbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33510","GHSA-4mg4-wvmx-5332","PYSEC-2021-82"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmqy-eng1-3ka6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217513?format=json","vulnerability_id":"VCID-rmp2-rsv7-auds","summary":"Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4042","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46003","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46148","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46155","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4042"},{"reference_url":"https://github.com/advisories/GHSA-v4vj-49m5-wjhw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v4vj-49m5-wjhw"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4042","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4042"},{"reference_url":"https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/04/20/2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/04/20/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48490?format=json","purl":"pkg:pypi/plone@5.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-6e71-df37-yyf1"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-xzvt-13fh-tubp"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/13150?format=json","purl":"pkg:pypi/plone@5.1a2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2"}],"aliases":["CVE-2016-4042","GHSA-v4vj-49m5-wjhw","PYSEC-2017-56"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rmp2-rsv7-auds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361676?format=json","vulnerability_id":"VCID-rxv3-yw68-a3cp","summary":"User information disclosure\nA vulnerability allows unauthorized disclosure of registered user information.","references":[{"reference_url":"https://plone.org/products/plone/security/advisories/20151208-announcement","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20151208-announcement"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48485?format=json","purl":"pkg:pypi/plone@5.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-6e71-df37-yyf1"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-xzvt-13fh-tubp"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.1"}],"aliases":["GMS-2015-51"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxv3-yw68-a3cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218088?format=json","vulnerability_id":"VCID-t8kn-cm9s-yfgv","summary":"Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28736","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65733","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.6583","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65844","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28736"},{"reference_url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt"},{"reference_url":"https://github.com/advisories/GHSA-2c8c-84w2-j38j","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2c8c-84w2-j38j"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3209","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/3209"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28736","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28736"},{"reference_url":"https://www.misakikata.com/codes/plone/python-en.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.misakikata.com/codes/plone/python-en.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23898?format=json","purl":"pkg:pypi/plone@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3"}],"aliases":["CVE-2020-28736","GHSA-2c8c-84w2-j38j","PYSEC-2020-248"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8kn-cm9s-yfgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217863?format=json","vulnerability_id":"VCID-tkhq-78vd-aygx","summary":"An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7936.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7936.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7936","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57102","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57221","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57235","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7936"},{"reference_url":"https://github.com/advisories/GHSA-82j9-wfcf-9v2h","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-82j9-wfcf-9v2h"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7936","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7936"},{"reference_url":"https://plone.org/security/hotfix/20200121","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121"},{"reference_url":"https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/01/22/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/01/22/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/24/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/01/24/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798205","reference_id":"1798205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798205"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:pypi/plone@5.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-m1gb-mydp-bbez"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/56455?format=json","purl":"pkg:pypi/plone@5.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2"}],"aliases":["CVE-2020-7936","GHSA-82j9-wfcf-9v2h","PYSEC-2020-85"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tkhq-78vd-aygx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217865?format=json","vulnerability_id":"VCID-ub1u-ev6d-sugd","summary":"A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7941.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7941.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7941","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70507","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70597","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70611","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7941"},{"reference_url":"https://github.com/plone/plone.app.contenttypes","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/plone.app.contenttypes"},{"reference_url":"https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7941","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7941"},{"reference_url":"https://plone.org/security/hotfix/20200121","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121"},{"reference_url":"https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/01/22/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/01/22/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/24/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/01/24/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798201","reference_id":"1798201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798201"},{"reference_url":"https://github.com/advisories/GHSA-w6g9-xccc-347h","reference_id":"GHSA-w6g9-xccc-347h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6g9-xccc-347h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56455?format=json","purl":"pkg:pypi/plone@5.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2"}],"aliases":["CVE-2020-7941","GHSA-w6g9-xccc-347h","PYSEC-2020-90"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ub1u-ev6d-sugd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218087?format=json","vulnerability_id":"VCID-utck-uem9-n7a6","summary":"Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28735","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65733","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.6583","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65844","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28735"},{"reference_url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt"},{"reference_url":"https://github.com/advisories/GHSA-x7wf-5mjc-6x76","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7wf-5mjc-6x76"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3209","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/3209"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28735","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28735"},{"reference_url":"https://www.misakikata.com/codes/plone/python-en.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.misakikata.com/codes/plone/python-en.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23898?format=json","purl":"pkg:pypi/plone@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym8-nhsc-j7hf"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3"}],"aliases":["CVE-2020-28735","GHSA-x7wf-5mjc-6x76","PYSEC-2020-247"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utck-uem9-n7a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218157?format=json","vulnerability_id":"VCID-z48y-dbfw-ubea","summary":"Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33513","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53951","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.54077","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.54095","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33513"},{"reference_url":"https://github.com/advisories/GHSA-fj67-w3m4-rfmp","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fj67-w3m4-rfmp"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33513","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33513"},{"reference_url":"https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64644?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-znrm-edqa-nfbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33513","GHSA-fj67-w3m4-rfmp","PYSEC-2021-85"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z48y-dbfw-ubea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62497?format=json","vulnerability_id":"VCID-znrm-edqa-nfbe","summary":"Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22889","reference_id":"","reference_type":"","scores":[{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68639","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68536","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68625","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22889"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22889","reference_id":"CVE-2024-22889","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22889"},{"reference_url":"https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9","reference_id":"CVE-2024-22889-Plone-v6.0.9","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:30:42Z/"}],"url":"https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9"},{"reference_url":"https://github.com/advisories/GHSA-xg5p-8wg5-rhxm","reference_id":"GHSA-xg5p-8wg5-rhxm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xg5p-8wg5-rhxm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/702768?format=json","purl":"pkg:pypi/plone@6.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.10"}],"aliases":["CVE-2024-22889","GHSA-xg5p-8wg5-rhxm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znrm-edqa-nfbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218161?format=json","vulnerability_id":"VCID-zny3-fyqj-h7bm","summary":"Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33508","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50962","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.51093","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.51106","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33508"},{"reference_url":"https://github.com/advisories/GHSA-rmpv-rcp6-v8wc","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rmpv-rcp6-v8wc"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33508","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33508"},{"reference_url":"https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64644?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-znrm-edqa-nfbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33508","GHSA-rmpv-rcp6-v8wc","PYSEC-2021-80"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zny3-fyqj-h7bm"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217597?format=json","vulnerability_id":"VCID-14h5-hnhw-zuc2","summary":"Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7315.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7315.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7315","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63421","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63524","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63535","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7315"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264791","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264791"},{"reference_url":"https://github.com/advisories/GHSA-984m-rj28-8c6x","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-984m-rj28-8c6x"},{"reference_url":"https://github.com/plone/Products.CMFPlone","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/1845b0a92312291811b68907bf2aa0fb448c4016"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/9f0111f85cd14f3f067044b59b93e2856c99d542"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-52.yaml"},{"reference_url":"https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7315","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7315"},{"reference_url":"https://plone.org/security/20150910","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/20150910"},{"reference_url":"https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members"},{"reference_url":"https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members"},{"reference_url":"https://pypi.org/project/Products.PloneHotfix20150910","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.org/project/Products.PloneHotfix20150910"},{"reference_url":"https://pypi.python.org/pypi/Products.PloneHotfix20150910","reference_id":"","reference_type":"","scores":[],"url":"https://pypi.python.org/pypi/Products.PloneHotfix20150910"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/09/22/13","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/09/22/13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45251?format=json","purl":"pkg:pypi/plone@4.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14h5-hnhw-zuc2"},{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-17pb-bgga-8ygp"},{"vulnerability":"VCID-1e1b-7fkz-rybz"},{"vulnerability":"VCID-1j4m-pw7f-augk"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-21n8-a2su-nbbd"},{"vulnerability":"VCID-2ped-pk9p-5be3"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-3rsq-dq49-uyfg"},{"vulnerability":"VCID-3ufm-n2ku-8uax"},{"vulnerability":"VCID-4qbd-mwc7-7kdw"},{"vulnerability":"VCID-4r5c-efmk-8feu"},{"vulnerability":"VCID-556h-c8hm-6qfc"},{"vulnerability":"VCID-6xwh-jvge-fkf9"},{"vulnerability":"VCID-7h1m-1f34-5qcs"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-7zku-wweg-xua6"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-afnm-51yp-4bhc"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-cfen-6xpt-rqa3"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-dur5-cy82-1kex"},{"vulnerability":"VCID-dwph-zncb-fkhv"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-fpv9-t5ew-aqe2"},{"vulnerability":"VCID-fxx5-msd8-1fh8"},{"vulnerability":"VCID-fz81-dgb8-27gh"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kcx4-zkp3-xucf"},{"vulnerability":"VCID-kmz7-9j1z-6fdp"},{"vulnerability":"VCID-m758-7mkw-g7ac"},{"vulnerability":"VCID-m7pv-me1q-6kh7"},{"vulnerability":"VCID-m98v-y63a-1yfr"},{"vulnerability":"VCID-mqru-hkfz-xkan"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nedk-vykq-xfda"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-p3mr-uajx-k7gg"},{"vulnerability":"VCID-pbhm-ufh6-cufd"},{"vulnerability":"VCID-pv6u-hm6u-hbc1"},{"vulnerability":"VCID-q5np-v195-tkbz"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-qww5-d5cg-jfb5"},{"vulnerability":"VCID-rdn1-sepc-xbdm"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rqej-4883-q3ee"},{"vulnerability":"VCID-rsqs-u4ct-gbar"},{"vulnerability":"VCID-rx3j-xjyn-6qbj"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-su9w-erpw-mqc3"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tw7a-kck8-83dq"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-uty1-5bvq-ffda"},{"vulnerability":"VCID-vym8-d8sa-bye2"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-wxg7-n2p4-ayhw"},{"vulnerability":"VCID-wxz6-ka2n-jbdz"},{"vulnerability":"VCID-xpdr-51cb-yudn"},{"vulnerability":"VCID-xsyw-pfvg-4qfm"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-ys4v-vwrn-4fa7"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"},{"vulnerability":"VCID-zpsw-2yqh-dqb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/45288?format=json","purl":"pkg:pypi/plone@4.1a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14h5-hnhw-zuc2"},{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-17pb-bgga-8ygp"},{"vulnerability":"VCID-1e1b-7fkz-rybz"},{"vulnerability":"VCID-1j4m-pw7f-augk"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-21n8-a2su-nbbd"},{"vulnerability":"VCID-2ped-pk9p-5be3"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-3rsq-dq49-uyfg"},{"vulnerability":"VCID-3ufm-n2ku-8uax"},{"vulnerability":"VCID-4qbd-mwc7-7kdw"},{"vulnerability":"VCID-4r5c-efmk-8feu"},{"vulnerability":"VCID-556h-c8hm-6qfc"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-6xwh-jvge-fkf9"},{"vulnerability":"VCID-7h1m-1f34-5qcs"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-afnm-51yp-4bhc"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-cfen-6xpt-rqa3"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-dur5-cy82-1kex"},{"vulnerability":"VCID-dwph-zncb-fkhv"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-fpv9-t5ew-aqe2"},{"vulnerability":"VCID-fxx5-msd8-1fh8"},{"vulnerability":"VCID-fz81-dgb8-27gh"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kcx4-zkp3-xucf"},{"vulnerability":"VCID-kmz7-9j1z-6fdp"},{"vulnerability":"VCID-m7pv-me1q-6kh7"},{"vulnerability":"VCID-m98v-y63a-1yfr"},{"vulnerability":"VCID-mqru-hkfz-xkan"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nedk-vykq-xfda"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-p3mr-uajx-k7gg"},{"vulnerability":"VCID-pbhm-ufh6-cufd"},{"vulnerability":"VCID-pv6u-hm6u-hbc1"},{"vulnerability":"VCID-q5np-v195-tkbz"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-qww5-d5cg-jfb5"},{"vulnerability":"VCID-rdn1-sepc-xbdm"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rqej-4883-q3ee"},{"vulnerability":"VCID-rsqs-u4ct-gbar"},{"vulnerability":"VCID-rx3j-xjyn-6qbj"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-su9w-erpw-mqc3"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-tw7a-kck8-83dq"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-uty1-5bvq-ffda"},{"vulnerability":"VCID-vym8-d8sa-bye2"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-wxg7-n2p4-ayhw"},{"vulnerability":"VCID-wxz6-ka2n-jbdz"},{"vulnerability":"VCID-xpdr-51cb-yudn"},{"vulnerability":"VCID-xsyw-pfvg-4qfm"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-ys4v-vwrn-4fa7"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"},{"vulnerability":"VCID-zpsw-2yqh-dqb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1a1"},{"url":"http://public2.vulnerablecode.io/api/packages/46590?format=json","purl":"pkg:pypi/plone@4.2a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14h5-hnhw-zuc2"},{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-17pb-bgga-8ygp"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ped-pk9p-5be3"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-3kbx-xrnj-nyfu"},{"vulnerability":"VCID-3rsq-dq49-uyfg"},{"vulnerability":"VCID-3ufm-n2ku-8uax"},{"vulnerability":"VCID-4r5c-efmk-8feu"},{"vulnerability":"VCID-556h-c8hm-6qfc"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-6xwh-jvge-fkf9"},{"vulnerability":"VCID-7h1m-1f34-5qcs"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-bdam-dhg3-5kap"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-fpv9-t5ew-aqe2"},{"vulnerability":"VCID-fxx5-msd8-1fh8"},{"vulnerability":"VCID-fz81-dgb8-27gh"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kcx4-zkp3-xucf"},{"vulnerability":"VCID-m98v-y63a-1yfr"},{"vulnerability":"VCID-mqru-hkfz-xkan"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-p3mr-uajx-k7gg"},{"vulnerability":"VCID-pbhm-ufh6-cufd"},{"vulnerability":"VCID-pv6u-hm6u-hbc1"},{"vulnerability":"VCID-q5np-v195-tkbz"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-qww5-d5cg-jfb5"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rqej-4883-q3ee"},{"vulnerability":"VCID-rsqs-u4ct-gbar"},{"vulnerability":"VCID-rx3j-xjyn-6qbj"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-tw7a-kck8-83dq"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-wxg7-n2p4-ayhw"},{"vulnerability":"VCID-xpdr-51cb-yudn"},{"vulnerability":"VCID-xsyw-pfvg-4qfm"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-ys4v-vwrn-4fa7"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2a1"},{"url":"http://public2.vulnerablecode.io/api/packages/13256?format=json","purl":"pkg:pypi/plone@4.3a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14h5-hnhw-zuc2"},{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-17pb-bgga-8ygp"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ped-pk9p-5be3"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-3rsq-dq49-uyfg"},{"vulnerability":"VCID-3ufm-n2ku-8uax"},{"vulnerability":"VCID-4r5c-efmk-8feu"},{"vulnerability":"VCID-556h-c8hm-6qfc"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-6xwh-jvge-fkf9"},{"vulnerability":"VCID-7h1m-1f34-5qcs"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-fpv9-t5ew-aqe2"},{"vulnerability":"VCID-fxx5-msd8-1fh8"},{"vulnerability":"VCID-fz81-dgb8-27gh"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kcx4-zkp3-xucf"},{"vulnerability":"VCID-m98v-y63a-1yfr"},{"vulnerability":"VCID-mqru-hkfz-xkan"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-p3mr-uajx-k7gg"},{"vulnerability":"VCID-pbhm-ufh6-cufd"},{"vulnerability":"VCID-pv6u-hm6u-hbc1"},{"vulnerability":"VCID-q5np-v195-tkbz"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-qww5-d5cg-jfb5"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rqej-4883-q3ee"},{"vulnerability":"VCID-rsqs-u4ct-gbar"},{"vulnerability":"VCID-rx3j-xjyn-6qbj"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-tw7a-kck8-83dq"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-wxg7-n2p4-ayhw"},{"vulnerability":"VCID-xpdr-51cb-yudn"},{"vulnerability":"VCID-xsyw-pfvg-4qfm"},{"vulnerability":"VCID-xzvt-13fh-tubp"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-ys4v-vwrn-4fa7"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3a1"},{"url":"http://public2.vulnerablecode.io/api/packages/48480?format=json","purl":"pkg:pypi/plone@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-7h1m-1f34-5qcs"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-xzvt-13fh-tubp"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/48636?format=json","purl":"pkg:pypi/plone@5.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-6e71-df37-yyf1"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2"}],"aliases":["CVE-2015-7315","GHSA-984m-rj28-8c6x","PYSEC-2017-52"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14h5-hnhw-zuc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217600?format=json","vulnerability_id":"VCID-3kbx-xrnj-nyfu","summary":"Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7316","reference_id":"","reference_type":"","scores":[{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66855","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66947","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66962","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7316"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264788","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264788"},{"reference_url":"https://github.com/advisories/GHSA-vf8g-m3vq-6p4p","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vf8g-m3vq-6p4p"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7316","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7316"},{"reference_url":"https://plone.org/security/20150910/","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/20150910/"},{"reference_url":"https://plone.org/security/20150910/non-persistent-xss-in-plone","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/20150910/non-persistent-xss-in-plone"},{"reference_url":"https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone"},{"reference_url":"https://pypi.org/project/Products.PloneHotfix20150910","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.org/project/Products.PloneHotfix20150910"},{"reference_url":"https://pypi.python.org/pypi/Products.PloneHotfix20150910","reference_id":"","reference_type":"","scores":[],"url":"https://pypi.python.org/pypi/Products.PloneHotfix20150910"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/09/22/14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/09/22/14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386076?format=json","purl":"pkg:pypi/plone@3.3.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/45251?format=json","purl":"pkg:pypi/plone@4.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14h5-hnhw-zuc2"},{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-17pb-bgga-8ygp"},{"vulnerability":"VCID-1e1b-7fkz-rybz"},{"vulnerability":"VCID-1j4m-pw7f-augk"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-21n8-a2su-nbbd"},{"vulnerability":"VCID-2ped-pk9p-5be3"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-3rsq-dq49-uyfg"},{"vulnerability":"VCID-3ufm-n2ku-8uax"},{"vulnerability":"VCID-4qbd-mwc7-7kdw"},{"vulnerability":"VCID-4r5c-efmk-8feu"},{"vulnerability":"VCID-556h-c8hm-6qfc"},{"vulnerability":"VCID-6xwh-jvge-fkf9"},{"vulnerability":"VCID-7h1m-1f34-5qcs"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-7zku-wweg-xua6"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-afnm-51yp-4bhc"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-cfen-6xpt-rqa3"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-dur5-cy82-1kex"},{"vulnerability":"VCID-dwph-zncb-fkhv"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-fpv9-t5ew-aqe2"},{"vulnerability":"VCID-fxx5-msd8-1fh8"},{"vulnerability":"VCID-fz81-dgb8-27gh"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kcx4-zkp3-xucf"},{"vulnerability":"VCID-kmz7-9j1z-6fdp"},{"vulnerability":"VCID-m758-7mkw-g7ac"},{"vulnerability":"VCID-m7pv-me1q-6kh7"},{"vulnerability":"VCID-m98v-y63a-1yfr"},{"vulnerability":"VCID-mqru-hkfz-xkan"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nedk-vykq-xfda"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-p3mr-uajx-k7gg"},{"vulnerability":"VCID-pbhm-ufh6-cufd"},{"vulnerability":"VCID-pv6u-hm6u-hbc1"},{"vulnerability":"VCID-q5np-v195-tkbz"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-qww5-d5cg-jfb5"},{"vulnerability":"VCID-rdn1-sepc-xbdm"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rqej-4883-q3ee"},{"vulnerability":"VCID-rsqs-u4ct-gbar"},{"vulnerability":"VCID-rx3j-xjyn-6qbj"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-su9w-erpw-mqc3"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tw7a-kck8-83dq"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-uty1-5bvq-ffda"},{"vulnerability":"VCID-vym8-d8sa-bye2"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-wxg7-n2p4-ayhw"},{"vulnerability":"VCID-wxz6-ka2n-jbdz"},{"vulnerability":"VCID-xpdr-51cb-yudn"},{"vulnerability":"VCID-xsyw-pfvg-4qfm"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-ys4v-vwrn-4fa7"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"},{"vulnerability":"VCID-zpsw-2yqh-dqb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/386077?format=json","purl":"pkg:pypi/plone@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/45288?format=json","purl":"pkg:pypi/plone@4.1a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14h5-hnhw-zuc2"},{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-17pb-bgga-8ygp"},{"vulnerability":"VCID-1e1b-7fkz-rybz"},{"vulnerability":"VCID-1j4m-pw7f-augk"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-21n8-a2su-nbbd"},{"vulnerability":"VCID-2ped-pk9p-5be3"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-3rsq-dq49-uyfg"},{"vulnerability":"VCID-3ufm-n2ku-8uax"},{"vulnerability":"VCID-4qbd-mwc7-7kdw"},{"vulnerability":"VCID-4r5c-efmk-8feu"},{"vulnerability":"VCID-556h-c8hm-6qfc"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-6xwh-jvge-fkf9"},{"vulnerability":"VCID-7h1m-1f34-5qcs"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-afnm-51yp-4bhc"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-cfen-6xpt-rqa3"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-dur5-cy82-1kex"},{"vulnerability":"VCID-dwph-zncb-fkhv"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-fpv9-t5ew-aqe2"},{"vulnerability":"VCID-fxx5-msd8-1fh8"},{"vulnerability":"VCID-fz81-dgb8-27gh"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kcx4-zkp3-xucf"},{"vulnerability":"VCID-kmz7-9j1z-6fdp"},{"vulnerability":"VCID-m7pv-me1q-6kh7"},{"vulnerability":"VCID-m98v-y63a-1yfr"},{"vulnerability":"VCID-mqru-hkfz-xkan"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nedk-vykq-xfda"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-p3mr-uajx-k7gg"},{"vulnerability":"VCID-pbhm-ufh6-cufd"},{"vulnerability":"VCID-pv6u-hm6u-hbc1"},{"vulnerability":"VCID-q5np-v195-tkbz"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-qww5-d5cg-jfb5"},{"vulnerability":"VCID-rdn1-sepc-xbdm"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rqej-4883-q3ee"},{"vulnerability":"VCID-rsqs-u4ct-gbar"},{"vulnerability":"VCID-rx3j-xjyn-6qbj"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-su9w-erpw-mqc3"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-tw7a-kck8-83dq"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-uty1-5bvq-ffda"},{"vulnerability":"VCID-vym8-d8sa-bye2"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-wxg7-n2p4-ayhw"},{"vulnerability":"VCID-wxz6-ka2n-jbdz"},{"vulnerability":"VCID-xpdr-51cb-yudn"},{"vulnerability":"VCID-xsyw-pfvg-4qfm"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-ys4v-vwrn-4fa7"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"},{"vulnerability":"VCID-zpsw-2yqh-dqb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1a1"},{"url":"http://public2.vulnerablecode.io/api/packages/386078?format=json","purl":"pkg:pypi/plone@4.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/46590?format=json","purl":"pkg:pypi/plone@4.2a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14h5-hnhw-zuc2"},{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-17pb-bgga-8ygp"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ped-pk9p-5be3"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-3kbx-xrnj-nyfu"},{"vulnerability":"VCID-3rsq-dq49-uyfg"},{"vulnerability":"VCID-3ufm-n2ku-8uax"},{"vulnerability":"VCID-4r5c-efmk-8feu"},{"vulnerability":"VCID-556h-c8hm-6qfc"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-6xwh-jvge-fkf9"},{"vulnerability":"VCID-7h1m-1f34-5qcs"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-bdam-dhg3-5kap"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-fpv9-t5ew-aqe2"},{"vulnerability":"VCID-fxx5-msd8-1fh8"},{"vulnerability":"VCID-fz81-dgb8-27gh"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kcx4-zkp3-xucf"},{"vulnerability":"VCID-m98v-y63a-1yfr"},{"vulnerability":"VCID-mqru-hkfz-xkan"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-p3mr-uajx-k7gg"},{"vulnerability":"VCID-pbhm-ufh6-cufd"},{"vulnerability":"VCID-pv6u-hm6u-hbc1"},{"vulnerability":"VCID-q5np-v195-tkbz"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-qww5-d5cg-jfb5"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rqej-4883-q3ee"},{"vulnerability":"VCID-rsqs-u4ct-gbar"},{"vulnerability":"VCID-rx3j-xjyn-6qbj"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-tw7a-kck8-83dq"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-wxg7-n2p4-ayhw"},{"vulnerability":"VCID-xpdr-51cb-yudn"},{"vulnerability":"VCID-xsyw-pfvg-4qfm"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-ys4v-vwrn-4fa7"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2a1"},{"url":"http://public2.vulnerablecode.io/api/packages/386079?format=json","purl":"pkg:pypi/plone@4.2.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/13256?format=json","purl":"pkg:pypi/plone@4.3a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14h5-hnhw-zuc2"},{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-17pb-bgga-8ygp"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-2ped-pk9p-5be3"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-3rsq-dq49-uyfg"},{"vulnerability":"VCID-3ufm-n2ku-8uax"},{"vulnerability":"VCID-4r5c-efmk-8feu"},{"vulnerability":"VCID-556h-c8hm-6qfc"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-6xwh-jvge-fkf9"},{"vulnerability":"VCID-7h1m-1f34-5qcs"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-fpv9-t5ew-aqe2"},{"vulnerability":"VCID-fxx5-msd8-1fh8"},{"vulnerability":"VCID-fz81-dgb8-27gh"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kcx4-zkp3-xucf"},{"vulnerability":"VCID-m98v-y63a-1yfr"},{"vulnerability":"VCID-mqru-hkfz-xkan"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-p3mr-uajx-k7gg"},{"vulnerability":"VCID-pbhm-ufh6-cufd"},{"vulnerability":"VCID-pv6u-hm6u-hbc1"},{"vulnerability":"VCID-q5np-v195-tkbz"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-qww5-d5cg-jfb5"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rqej-4883-q3ee"},{"vulnerability":"VCID-rsqs-u4ct-gbar"},{"vulnerability":"VCID-rx3j-xjyn-6qbj"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-tw7a-kck8-83dq"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-wxg7-n2p4-ayhw"},{"vulnerability":"VCID-xpdr-51cb-yudn"},{"vulnerability":"VCID-xsyw-pfvg-4qfm"},{"vulnerability":"VCID-xzvt-13fh-tubp"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-ys4v-vwrn-4fa7"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3a1"},{"url":"http://public2.vulnerablecode.io/api/packages/48480?format=json","purl":"pkg:pypi/plone@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-1rvm-wt1t-kucb"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-5qmx-515u-dbdq"},{"vulnerability":"VCID-7h1m-1f34-5qcs"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-jp3d-8ja2-c3a6"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nkez-59zg-8fan"},{"vulnerability":"VCID-nr4g-tdxq-byhh"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-w7wr-p69p-13dw"},{"vulnerability":"VCID-xzvt-13fh-tubp"},{"vulnerability":"VCID-ys36-9r8f-63ab"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"},{"vulnerability":"VCID-zpcq-187m-p3hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/48636?format=json","purl":"pkg:pypi/plone@5.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-177r-1ryk-pfbp"},{"vulnerability":"VCID-213v-yc9d-u7dx"},{"vulnerability":"VCID-37gz-3kz2-pyh5"},{"vulnerability":"VCID-4yk1-dgbv-rubx"},{"vulnerability":"VCID-6e71-df37-yyf1"},{"vulnerability":"VCID-7w2h-6rxu-xqcd"},{"vulnerability":"VCID-8kb4-bxbj-4udw"},{"vulnerability":"VCID-9qpy-74mb-cfc6"},{"vulnerability":"VCID-br6e-6exv-ykg6"},{"vulnerability":"VCID-d874-w13w-qkey"},{"vulnerability":"VCID-ezb4-3xtr-h3g6"},{"vulnerability":"VCID-hb8u-3ubs-x7hf"},{"vulnerability":"VCID-hgwu-kg1s-ffcn"},{"vulnerability":"VCID-kzvb-7yn4-qbb9"},{"vulnerability":"VCID-mu4f-29hh-dbhp"},{"vulnerability":"VCID-n722-gtzf-gqgd"},{"vulnerability":"VCID-nzjx-cckn-dfbc"},{"vulnerability":"VCID-qmqy-eng1-3ka6"},{"vulnerability":"VCID-rmp2-rsv7-auds"},{"vulnerability":"VCID-rxv3-yw68-a3cp"},{"vulnerability":"VCID-t8kn-cm9s-yfgv"},{"vulnerability":"VCID-tkhq-78vd-aygx"},{"vulnerability":"VCID-ub1u-ev6d-sugd"},{"vulnerability":"VCID-utck-uem9-n7a6"},{"vulnerability":"VCID-z48y-dbfw-ubea"},{"vulnerability":"VCID-znrm-edqa-nfbe"},{"vulnerability":"VCID-zny3-fyqj-h7bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2"}],"aliases":["CVE-2015-7316","GHSA-vf8g-m3vq-6p4p","PYSEC-2017-53"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kbx-xrnj-nyfu"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2"}