| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-213v-yc9d-u7dx |
| vulnerability_id |
VCID-213v-yc9d-u7dx |
| summary |
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.3 |
| purl |
pkg:pypi/plone@5.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 1 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 2 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 3 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 4 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 5 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 6 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 7 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 8 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 9 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 10 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 11 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 12 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 13 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3 |
|
|
| aliases |
CVE-2020-28734, GHSA-wq6x-g685-w5f2, PYSEC-2020-246
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-213v-yc9d-u7dx |
|
| 1 |
| url |
VCID-2ym8-nhsc-j7hf |
| vulnerability_id |
VCID-2ym8-nhsc-j7hf |
| summary |
Plone has stored XSS in folder contents |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-35959, GHSA-qfhw-fv3g-v836, PYSEC-2021-110
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2ym8-nhsc-j7hf |
|
| 2 |
| url |
VCID-4yk1-dgbv-rubx |
| vulnerability_id |
VCID-4yk1-dgbv-rubx |
| summary |
An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://plone.org/security/hotfix/20210518 |
| reference_id |
20210518 |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/ |
|
|
| url |
https://plone.org/security/hotfix/20210518 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33926, GHSA-47p5-p3jw-w78w, PYSEC-2023-289
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4yk1-dgbv-rubx |
|
| 3 |
| url |
VCID-7w2h-6rxu-xqcd |
| vulnerability_id |
VCID-7w2h-6rxu-xqcd |
| summary |
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-35rg-466w-77h3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-35rg-466w-77h3 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33507, GHSA-35rg-466w-77h3, PYSEC-2021-79
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7w2h-6rxu-xqcd |
|
| 4 |
| url |
VCID-8kb4-bxbj-4udw |
| vulnerability_id |
VCID-8kb4-bxbj-4udw |
| summary |
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.2 |
| purl |
pkg:pypi/plone@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-213v-yc9d-u7dx |
|
| 1 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 2 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 3 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 4 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 5 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 6 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 7 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 8 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 9 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 10 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 11 |
| vulnerability |
VCID-t8kn-cm9s-yfgv |
|
| 12 |
| vulnerability |
VCID-utck-uem9-n7a6 |
|
| 13 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 14 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 15 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 16 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2 |
|
|
| aliases |
CVE-2020-7939, GHSA-hhmf-7rgg-gcw5, PYSEC-2020-88
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8kb4-bxbj-4udw |
|
| 5 |
| url |
VCID-9qpy-74mb-cfc6 |
| vulnerability_id |
VCID-9qpy-74mb-cfc6 |
| summary |
Plone XSS in User Fullname Property and File Upload |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 2 |
|
| 3 |
| reference_url |
https://plone.org/download/releases/5.2.3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://plone.org/download/releases/5.2.3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.4 |
| purl |
pkg:pypi/plone@5.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 1 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 2 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 3 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 4 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 5 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 6 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 7 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 8 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 9 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 10 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 11 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4 |
|
|
| aliases |
CVE-2021-3313, GHSA-hprr-4vfq-fcxw, PYSEC-2021-78
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9qpy-74mb-cfc6 |
|
| 6 |
| url |
VCID-br6e-6exv-ykg6 |
| vulnerability_id |
VCID-br6e-6exv-ykg6 |
| summary |
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33511, GHSA-gc9g-67cq-p7v4, PYSEC-2021-83
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-br6e-6exv-ykg6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| url |
VCID-kzvb-7yn4-qbb9 |
| vulnerability_id |
VCID-kzvb-7yn4-qbb9 |
| summary |
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.1.7 |
| purl |
pkg:pypi/plone@5.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-213v-yc9d-u7dx |
|
| 1 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 2 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 3 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 4 |
| vulnerability |
VCID-8kb4-bxbj-4udw |
|
| 5 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 6 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 7 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 8 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 9 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 10 |
| vulnerability |
VCID-kzvb-7yn4-qbb9 |
|
| 11 |
| vulnerability |
VCID-m1gb-mydp-bbez |
|
| 12 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 13 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 14 |
| vulnerability |
VCID-t8kn-cm9s-yfgv |
|
| 15 |
| vulnerability |
VCID-tkhq-78vd-aygx |
|
| 16 |
| vulnerability |
VCID-ub1u-ev6d-sugd |
|
| 17 |
| vulnerability |
VCID-utck-uem9-n7a6 |
|
| 18 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 19 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 20 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 21 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7 |
|
| 1 |
| url |
pkg:pypi/plone@5.2.1 |
| purl |
pkg:pypi/plone@5.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1q73-sfre-3ffg |
|
| 1 |
| vulnerability |
VCID-213v-yc9d-u7dx |
|
| 2 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 3 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 4 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 5 |
| vulnerability |
VCID-8kb4-bxbj-4udw |
|
| 6 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 7 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 8 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 9 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 10 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 11 |
| vulnerability |
VCID-kzvb-7yn4-qbb9 |
|
| 12 |
| vulnerability |
VCID-m1gb-mydp-bbez |
|
| 13 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 14 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 15 |
| vulnerability |
VCID-t8kn-cm9s-yfgv |
|
| 16 |
| vulnerability |
VCID-tkhq-78vd-aygx |
|
| 17 |
| vulnerability |
VCID-ub1u-ev6d-sugd |
|
| 18 |
| vulnerability |
VCID-utck-uem9-n7a6 |
|
| 19 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 20 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 21 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 22 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.1 |
|
| 2 |
| url |
pkg:pypi/plone@5.2.2 |
| purl |
pkg:pypi/plone@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-213v-yc9d-u7dx |
|
| 1 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 2 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 3 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 4 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 5 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 6 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 7 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 8 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 9 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 10 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 11 |
| vulnerability |
VCID-t8kn-cm9s-yfgv |
|
| 12 |
| vulnerability |
VCID-utck-uem9-n7a6 |
|
| 13 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 14 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 15 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 16 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2 |
|
|
| aliases |
CVE-2020-7940, GHSA-cw58-gpgw-hwx2, PYSEC-2020-89
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kzvb-7yn4-qbb9 |
|
| 11 |
| url |
VCID-m1gb-mydp-bbez |
| vulnerability_id |
VCID-m1gb-mydp-bbez |
| summary |
An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.2 |
| purl |
pkg:pypi/plone@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-213v-yc9d-u7dx |
|
| 1 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 2 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 3 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 4 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 5 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 6 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 7 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 8 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 9 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 10 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 11 |
| vulnerability |
VCID-t8kn-cm9s-yfgv |
|
| 12 |
| vulnerability |
VCID-utck-uem9-n7a6 |
|
| 13 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 14 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 15 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 16 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2 |
|
|
| aliases |
CVE-2020-7937, GHSA-8mc4-2xrc-g582, PYSEC-2020-86
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m1gb-mydp-bbez |
|
| 12 |
| url |
VCID-mu4f-29hh-dbhp |
| vulnerability_id |
VCID-mu4f-29hh-dbhp |
| summary |
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-hm2p-fhwx-9285 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hm2p-fhwx-9285 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
9.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33509, GHSA-hm2p-fhwx-9285, PYSEC-2021-81
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mu4f-29hh-dbhp |
|
| 13 |
| url |
VCID-qmqy-eng1-3ka6 |
| vulnerability_id |
VCID-qmqy-eng1-3ka6 |
| summary |
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-4mg4-wvmx-5332 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-4mg4-wvmx-5332 |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33510, GHSA-4mg4-wvmx-5332, PYSEC-2021-82
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qmqy-eng1-3ka6 |
|
| 14 |
| url |
VCID-t8kn-cm9s-yfgv |
| vulnerability_id |
VCID-t8kn-cm9s-yfgv |
| summary |
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.3 |
| purl |
pkg:pypi/plone@5.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 1 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 2 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 3 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 4 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 5 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 6 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 7 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 8 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 9 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 10 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 11 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 12 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 13 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3 |
|
|
| aliases |
CVE-2020-28736, GHSA-2c8c-84w2-j38j, PYSEC-2020-248
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t8kn-cm9s-yfgv |
|
| 15 |
| url |
VCID-tkhq-78vd-aygx |
| vulnerability_id |
VCID-tkhq-78vd-aygx |
| summary |
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.1.7 |
| purl |
pkg:pypi/plone@5.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-213v-yc9d-u7dx |
|
| 1 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 2 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 3 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 4 |
| vulnerability |
VCID-8kb4-bxbj-4udw |
|
| 5 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 6 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 7 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 8 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 9 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 10 |
| vulnerability |
VCID-kzvb-7yn4-qbb9 |
|
| 11 |
| vulnerability |
VCID-m1gb-mydp-bbez |
|
| 12 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 13 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 14 |
| vulnerability |
VCID-t8kn-cm9s-yfgv |
|
| 15 |
| vulnerability |
VCID-tkhq-78vd-aygx |
|
| 16 |
| vulnerability |
VCID-ub1u-ev6d-sugd |
|
| 17 |
| vulnerability |
VCID-utck-uem9-n7a6 |
|
| 18 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 19 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 20 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 21 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7 |
|
| 1 |
| url |
pkg:pypi/plone@5.2.2 |
| purl |
pkg:pypi/plone@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-213v-yc9d-u7dx |
|
| 1 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 2 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 3 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 4 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 5 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 6 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 7 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 8 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 9 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 10 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 11 |
| vulnerability |
VCID-t8kn-cm9s-yfgv |
|
| 12 |
| vulnerability |
VCID-utck-uem9-n7a6 |
|
| 13 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 14 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 15 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 16 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2 |
|
|
| aliases |
CVE-2020-7936, GHSA-82j9-wfcf-9v2h, PYSEC-2020-85
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tkhq-78vd-aygx |
|
| 16 |
| url |
VCID-ub1u-ev6d-sugd |
| vulnerability_id |
VCID-ub1u-ev6d-sugd |
| summary |
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.2 |
| purl |
pkg:pypi/plone@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-213v-yc9d-u7dx |
|
| 1 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 2 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 3 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 4 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 5 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 6 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 7 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 8 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 9 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 10 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 11 |
| vulnerability |
VCID-t8kn-cm9s-yfgv |
|
| 12 |
| vulnerability |
VCID-utck-uem9-n7a6 |
|
| 13 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 14 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 15 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 16 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2 |
|
|
| aliases |
CVE-2020-7941, GHSA-w6g9-xccc-347h, PYSEC-2020-90
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ub1u-ev6d-sugd |
|
| 17 |
| url |
VCID-utck-uem9-n7a6 |
| vulnerability_id |
VCID-utck-uem9-n7a6 |
| summary |
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/plone@5.2.3 |
| purl |
pkg:pypi/plone@5.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2ym8-nhsc-j7hf |
|
| 1 |
| vulnerability |
VCID-4yk1-dgbv-rubx |
|
| 2 |
| vulnerability |
VCID-7w2h-6rxu-xqcd |
|
| 3 |
| vulnerability |
VCID-9qpy-74mb-cfc6 |
|
| 4 |
| vulnerability |
VCID-br6e-6exv-ykg6 |
|
| 5 |
| vulnerability |
VCID-d874-w13w-qkey |
|
| 6 |
| vulnerability |
VCID-hb8u-3ubs-x7hf |
|
| 7 |
| vulnerability |
VCID-hgwu-kg1s-ffcn |
|
| 8 |
| vulnerability |
VCID-mu4f-29hh-dbhp |
|
| 9 |
| vulnerability |
VCID-qmqy-eng1-3ka6 |
|
| 10 |
| vulnerability |
VCID-z48y-dbfw-ubea |
|
| 11 |
| vulnerability |
VCID-znrm-edqa-nfbe |
|
| 12 |
| vulnerability |
VCID-zny3-fyqj-h7bm |
|
| 13 |
| vulnerability |
VCID-zpcq-187m-p3hk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3 |
|
|
| aliases |
CVE-2020-28735, GHSA-x7wf-5mjc-6x76, PYSEC-2020-247
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-utck-uem9-n7a6 |
|
| 18 |
| url |
VCID-z48y-dbfw-ubea |
| vulnerability_id |
VCID-z48y-dbfw-ubea |
| summary |
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-fj67-w3m4-rfmp |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-fj67-w3m4-rfmp |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33513, GHSA-fj67-w3m4-rfmp, PYSEC-2021-85
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z48y-dbfw-ubea |
|
| 19 |
|
| 20 |
| url |
VCID-zny3-fyqj-h7bm |
| vulnerability_id |
VCID-zny3-fyqj-h7bm |
| summary |
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-rmpv-rcp6-v8wc |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-rmpv-rcp6-v8wc |
|
| 2 |
| reference_url |
https://github.com/plone/Plone |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/plone/Plone |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33508, GHSA-rmpv-rcp6-v8wc, PYSEC-2021-80
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zny3-fyqj-h7bm |
|
| 21 |
| url |
VCID-zpcq-187m-p3hk |
| vulnerability_id |
VCID-zpcq-187m-p3hk |
| summary |
Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/zopefoundation/Zope |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
7.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 4 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/zopefoundation/Zope |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2021-32633 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
7.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2021-32633 |
|
| 13 |
|
| 14 |
| reference_url |
https://pypi.org/project/Zope |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://pypi.org/project/Zope |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-32633, CVE-2021-32674, GHSA-5pr9-v234-jw36, GHSA-5vq5-pg3r-9ph3, GHSA-962m-m8jw-8wrr, GHSA-rpcg-f9q6-2mq6, PYSEC-2021-104, PYSEC-2021-88
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zpcq-187m-p3hk |
|
|
|---|