{"url":"http://public2.vulnerablecode.io/api/packages/6982?format=json","purl":"pkg:pypi/plone@3.2a1","type":"pypi","namespace":"","name":"plone","version":"3.2a1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.2a3","latest_non_vulnerable_version":"6.0.7","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34902?format=json","vulnerability_id":"VCID-2sk4-yc6h-17c4","summary":"The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.","references":[{"reference_url":"https://bugs.launchpad.net/zope2/+bug/1079238","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/zope2/+bug/1079238"},{"reference_url":"https://github.com/advisories/GHSA-879r-7f3w-8jj3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-879r-7f3w-8jj3"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-31.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-31.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-74.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-74.yaml"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"ht
tps://plone.org/products/plone/security/advisories/20121106/05","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/05"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5489","reference_id":"CVE-2012-5489","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5489"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q
7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-
gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5489","GHSA-879r-7f3w-8jj3","PYSEC-2014-31","PYSEC-2014-74"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2sk4-yc6h-17c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34733?format=json","vulnerability_id":"VCID-3buw-zes9-ukg4","summary":"Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.","references":[{"reference_url":"http://osvdb.org/72728","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/72728"},{"reference_url":"http://plone.org/products/plone/security/advisories/CVE-2011-1949","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/CVE-2011-1949"},{"reference_url":"http://secunia.com/advisories/44775","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44775"},{"reference_url":"http://secunia.com/advisories/44776","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44776"},{"reference_url":"http://securityreason.com/securityalert/8269","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8269"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/67694","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/67694"},{"reference_url":"https://github.com/advisories/GHSA-h6hq-c896-w882","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h6hq-c896-w882"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":
"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-15.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-15.yaml"},{"reference_url":"http://www.securityfocus.com/archive/1/518155/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/518155/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/48005","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/48005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1949","reference_id":"CVE-2011-1949","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1949"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7101?format=json","purl":"pkg:pypi/plone@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-3buw-zes9-ukg4"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan
-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-fqcf-4say-h7g8"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-jhw6-wxz2-qbgd"},{"vulnerability":"VCID-jvwn-yw13-gfe9"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-uqe7-n3uh-zfac"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7133?format
=json","purl":"pkg:pypi/plone@4.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-3buw-zes9-ukg4"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-jvwn-yw13-gfe9"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by
2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-uqe7-n3uh-zfac"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3
d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"}],"aliases":["CVE-2011-1949","GHSA-h6hq-c896-w882","PYSEC-2011-15"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3buw-zes9-ukg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34846?format=json","vulnerability_id":"VCID-3shf-hh9a-rqdw","summary":"zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access 
restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978453","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978453"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-
vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp
-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkc
w"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4191","PYSEC-2014-55"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3shf-hh9a-rqdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34834?format=json","vulnerability_id":"VCID-4v5e-r5we-tffe","summary":"The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property,  redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the \"next\" parameter to 
acl_users/credentials_cookie_auth/require_login.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/08/01/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/08/01/2"},{"reference_url":"http://www.securityfocus.com/archive/1/530787/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/530787/100/0/threaded"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4200","reference_id":"CVE-2013-4200","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4200"},{"reference_url":"https://github.com/advisories/GHSA-56p3-rrp4-2j82","reference_id":"GHSA-56p3-rrp4-2j82","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-56p3-rrp4-2j82"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabiliti
es":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7k
fd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable"
:true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4200","GHSA-56p3-rrp4-2j82","PYSEC-2014-64"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4v5e-r5we-tffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35163?format=json","vulnerability_id":"VCID-5ry7-xy6b-5fag","summary":"Accessing private content via str.format in through-the-web templates and scripts in 
Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.","references":[{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml"},{"reference_url":"https://plone.org/security/hotfix/20171128/sandbox-escape","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20171128/sandbox-escape"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000483","reference_id":"CVE-2017-1000483","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000483"},{"reference_url":"https://github.com/advisories/GHSA-qc57-h2f7-p4hx","reference_id":"GHSA-qc57-h2f7-p4hx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qc57-h2f7-p4hx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9718?format=json","purl":"pkg:pypi/plone@4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1
"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/10591?format=json","purl":"pkg:pypi/plone@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0"}],"aliases":["CVE-2017-1000483","GHSA-qc57-h2f7-p4hx","PYSEC-2018-72"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ry7-xy6b-5fag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35042?format=json","vulnerability_id":"VCID-6568-4ert-1bau","summary":"Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format 
method.","references":[{"reference_url":"https://github.com/advisories/GHSA-p5wr-vp8g-q5p4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p5wr-vp8g-q5p4"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/1912","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/pull/1912"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml"},{"reference_url":"https://plone.org/security/hotfix/20170117/sandbox-escape","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20170117/sandbox-escape"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/01/18/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/01/18/6"},{"reference_url":"http://www.securityfocus.com/bid/95679","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95679"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5524","reference_id":"CVE-2017-5524","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5524"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9624?format=json","purl":"pkg:pypi/plone@4.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerabil
ity":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12"},{"url":"http://public2.vulnerablecode.io/api/packages/9625?format=json","purl":"pkg:pypi/plone@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-jvvz-bafs-t7gc"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packa
ges/pkg:pypi/plone@5.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/10585?format=json","purl":"pkg:pypi/plone@5.1b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1b1"}],"aliases":["CVE-2017-5524","GHSA-p5wr-vp8g-q5p4","PYSEC-2017-81"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6568-4ert-1bau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35162?format=json","vulnerability_id":"VCID-69ps-uetw-y3gf","summary":"A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author 
page.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/2232","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/issues/2232"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2233","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/pull/2233"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2234","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/pull/2234"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2235","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/pull/2235"},{"reference_url":"https://github.co
m/plone/Products.CMFPlone/pull/2236","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/pull/2236"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml"},{"reference_url":"https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000482","reference_id":"CVE-2017-1000482","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000482"},{"reference_url":"https://github.com/advisories/GHSA-859j-668v-mrr6","reference_id":"GHSA-859j-668v-mrr6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-859j-668v-mrr6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9718?format=json","purl":"pkg:pypi/plone@4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"
}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/10591?format=json","purl":"pkg:pypi/plone@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0"}],"aliases":["CVE-2017-1000482","GHSA-859j-668v-mrr6","PYSEC-2018-71"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69ps-uetw-y3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35702?format=json","vulnerability_id":"VCID-8rp3-p3qe-x7ej","summary":"Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager 
role).","references":[{"reference_url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt"},{"reference_url":"https://github.com/advisories/GHSA-2c8c-84w2-j38j","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2c8c-84w2-j38j"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3209","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/issues/3209"},{"reference_url":"https://www.misakikata.com/codes/plone/python-en.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.misakikata.com/codes/plone/python-en.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19507?format=json","purl":"pkg:pypi/plone@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3"}],"aliases":["CVE-2020-28736","GHSA-2c8c-84w2-j38j","PYSEC-2020-248"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8rp3-p3qe-x7ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34855?format=json","vulnerability_id":"VCID-9a27-8egg-7uam","summary":"traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified 
vectors related to \"retrieving information for certain resources.\"","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978449","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978449"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw
-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7z
a-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7
hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4188","PYSEC-2014-52"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9a27-8egg-7uam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34856?format=json","vulnerability_id":"VCID-9dr2-mexa-qfbn","summary":"sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified 
vectors.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978464","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978464"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulne
rability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerabi
lity":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability
":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4192","PYSEC-2014-56"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dr2-mexa-qfbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34912?format=json","vulnerability_id":"VCID-9kgy-2mwu-6yhd","summary":"registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/01","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/01"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11
/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"V
CID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5485","PYSEC-2014-27"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kgy-2mwu-6yhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34847?format=json","vulnerability_id":"VCID-9u27-bf7b-x7er","summary":"typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable 
setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978469","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978469"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability"
:"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VC
ID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-m
n7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4193","PYSEC-2014-57"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u27-bf7b-x7er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35806?format=json","vulnerability_id":"VCID-ax8a-2g7j-6ya2","summary":"Plone through 5.2.4 allows XSS via the inline_diff methods in 
Products.CMFDiffTool.","references":[{"reference_url":"https://github.com/advisories/GHSA-fj67-w3m4-rfmp","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fj67-w3m4-rfmp"},{"reference_url":"https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33513","GHSA-fj67-w3m4-rfmp","PYSEC-2021-85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ax8a-2g7j-6ya2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35798?format=json","vulnerability_id":"VCID-basq-jjsf-3fbd","summary":"Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. 
This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.","references":[{"reference_url":"https://plone.org/download/releases/5.2.3","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/download/releases/5.2.3"},{"reference_url":"https://plone.org/security/hotfix/20210518","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20210518"},{"reference_url":"https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt","reference_id":"","reference_type":"","scores":[],"url":"https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21990?format=json","purl":"pkg:pypi/plone@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4"}],"aliases":["CVE-2021-3313","PYSEC-2021-78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-basq-jjsf-3fbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34908?format=json","vulnerability_id":"VCID-chqa-wbu7-eyak","summary":"queryCatalog.py in 
Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1194","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1194"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=874665","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=874665"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-40.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-40.yaml"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/14","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/14"},{"reference_url":"https://web.archive.org/web/20130528001715/https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20130528001715/https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":
"https://web.archive.org/web/20131103191705/https://plone.org/products/plone/security/advisories/20121106/14","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20131103191705/https://plone.org/products/plone/security/advisories/20121106/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/09/7","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/09/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2012-5498","reference_id":"CVE-2012-5498","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2012-5498"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5498","reference_id":"CVE-2012-5498","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5498"},{"reference_url":"https://github.com/advisories/GHSA-97rj-p794-wq6m","reference_id":"GHSA-97rj-p794-wq6m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-97rj-p794-wq6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjs
f-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3
ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5498","GHSA-97rj-p794-wq6m","PYSEC-2014-40"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chqa-wbu7-eyak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35117?format=json","vulnerability_id":"VCID-cpwq-sq8b-4yhf","summary":"Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 
5.x.","references":[{"reference_url":"http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html"},{"reference_url":"https://plone.org/security/hotfix/20151006","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20151006"},{"reference_url":"https://pypi.python.org/pypi/plone4.csrffixes","reference_id":"","reference_type":"","scores":[],"url":"https://pypi.python.org/pypi/plone4.csrffixes"},{"reference_url":"https://www.exploit-db.com/exploits/38411/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/38411/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9723?format=json","purl":"pkg:pypi/plone@5.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-d6hq-qfek-1bgu"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url"
:"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0a1"}],"aliases":["CVE-2015-7293","PYSEC-2017-51"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwq-sq8b-4yhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35801?format=json","vulnerability_id":"VCID-d42u-s7za-a3ad","summary":"Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.","references":[{"reference_url":"https://github.com/advisories/GHSA-gc9g-67cq-p7v4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gc9g-67cq-p7v4"},{"reference_url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33511","GHSA-gc9g-67cq-p7v4","PYSEC-2021-83"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d42u-s7za-a3ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35161?format=json","vulnerability_id":"VCID-dg61-tw4u-dbcc","summary":"When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. 
After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/2232","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.
CMFPlone/issues/2232"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2233","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/pull/2233"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2234","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/pull/2234"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2235","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/pull/2235"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2236","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/pull/2236"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml"},{"reference_url":"https://plone.org/security/hotfix/20171128/open-redirection-on-login-form","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20171128/open-redirection-on-login-form"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000481","reference_id":"CVE-2017-1000481","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000481"},{"reference_url":"https://github.com/advisories/GHSA-8g72-gq68-6gqh","reference_id":"GHSA-8g72-gq68-6gqh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8g72-gq68-6gqh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9718?format=json","purl":"pkg:pypi/plone@4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vuln
erability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/10591?format=json","purl":"pkg:pypi/plone@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0"}],"aliases":["CVE-2017-1000481","GHSA-8g72-gq68-6gqh","PYSEC-2018-70"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dg61-tw4u-dbcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34919?format=json","vulnerability_id":"VCID-dxqw-uf6r-vbbh","summary":"at_download.
py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/17","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/17"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d
6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},
{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5501","PYSEC-2014-43"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxqw-uf6r-vbbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35164?format=json","vulnerability_id":"VCID-edq7-7ncc-mbfx","summary":"By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. 
(The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)","references":[{"reference_url":"https://github.com/advisories/GHSA-xvwv-6wvx-px9x","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xvwv-6wvx-px9x"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/2232","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/issues/2232"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml"},{"reference_url":"https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000484","reference_id":"CVE-2017-1000484","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000484"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9718?format=json","purl":"pkg:pypi/plone@4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-
runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/10591?format=json","purl":"pkg:pypi/plone@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0"}],"aliases":["CVE-2017-1000484","GHSA-xvwv-6wvx-px9x","PYSEC-2018-73"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-edq7-7ncc-mbfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34906?format=json","vulnerability_id":"VCID-eg2r-ez9f-hkak","summary":"Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to 
\"{u,}translate.\"","references":[{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-36.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-36.yaml"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/10","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/10"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5494","reference_id":"CVE-2012-5494","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5494"},{"reference_url":"https://github.com/advisories/GHSA-3g6w-4m7x-97v6","reference_id":"GHSA-3g6w-4m7x-97v6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3g6w-4m7x-97v6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability
":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"V
CID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5494","GHSA-3g6w-4m7x-97v6","PYSEC-2014-36"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eg2r-ez9f-hkak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35800?format=json","vulnerability_id":"VCID-eu4z-htaq-c3d6","summary":"Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a 
file.","references":[{"reference_url":"https://github.com/advisories/GHSA-4mg4-wvmx-5332","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4mg4-wvmx-5332"},{"reference_url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33510","GHSA-4mg4-wvmx-5332","PYSEC-2021-82"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eu4z-htaq-c3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35701?format=json","vulnerability_id":"VCID-exan-4j3e-2qeh","summary":"Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager 
role.","references":[{"reference_url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt"},{"reference_url":"https://github.com/advisories/GHSA-wq6x-g685-w5f2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wq6x-g685-w5f2"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3209","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/issues/3209"},{"reference_url":"https://www.misakikata.com/codes/plone/python-en.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.misakikata.com/codes/plone/python-en.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19507?format=json","purl":"pkg:pypi/plone@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3"}],"aliases":["CVE-2020-28734","GHSA-wq6x-g685-w5f2","PYSEC-2020-246"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-exan-4j3e-2qeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35700?format=json","vulnerability_id":"VCID-fdpc-runu-ekah","summary":"Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager 
role).","references":[{"reference_url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt"},{"reference_url":"https://github.com/advisories/GHSA-x7wf-5mjc-6x76","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x7wf-5mjc-6x76"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3209","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/issues/3209"},{"reference_url":"https://www.misakikata.com/codes/plone/python-en.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.misakikata.com/codes/plone/python-en.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19507?format=json","purl":"pkg:pypi/plone@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3"}],"aliases":["CVE-2020-28735","GHSA-x7wf-5mjc-6x76","PYSEC-2020-247"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fdpc-runu-ekah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34910?format=json","vulnerability_id":"VCID-g2ap-vh6r-yqds","summary":"AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password 
validation.","references":[{"reference_url":"https://bugs.launchpad.net/zope2/+bug/1071067","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/zope2/+bug/1071067"},{"reference_url":"https://github.com/advisories/GHSA-3qpr-7rmg-73v8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3qpr-7rmg-73v8"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-49.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-49.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-75.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-75.yaml"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/23","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/23"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5507","reference_id":"CVE-2012-5507","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5507"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":tru
e,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/
packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5507","GHSA-3qpr-7rmg-73v8","PYSEC-2014-49","PYSEC-2014-75"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2ap-vh6r-yqds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34920?format=json","vulnerability_id":"VCID-g6ky-pfur-7kfg","summary":"Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified 
vectors.","references":[{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-46.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-46.yaml"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/20","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/20"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5504","reference_id":"CVE-2012-5504","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5504"},{"reference_url":"https://github.com/advisories/GHSA-5whw-5cmm-9jw4","reference_id":"GHSA-5whw-5cmm-9jw4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5whw-5cmm-9jw4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-65
68-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4
ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5504","GHSA-5whw-5cmm-9jw4","PYSEC-2014-46"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6ky-pfur-7kfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34914?format=json","vulnerability_id":"VCID-gdtw-2d1s-2bbw","summary":"Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified 
vectors.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/06","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/06"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xuf
k-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3
hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5490","PYSEC-2014-32"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdtw-2d1s-2bbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34909?format=json","vulnerability_id":"VCID-h8ur-tnzd-afay","summary":"atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/21","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/21"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-ny
b8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"}
,{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5505","PYSEC-2014-47"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8ur-tnzd-afay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34915?format=json","vulnerability_id":"VCID-hb93-ea78-8ygv","summary":"gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified 
vectors.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/09","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/09"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xuf
k-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3
hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5493","PYSEC-2014-35"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hb93-ea78-8ygv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35022?format=json","vulnerability_id":"VCID-hhux-xufk-ube2","summary":"Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for 
CVE-2016-7140.","references":[{"reference_url":"https://plone.org/security/hotfix/20170117","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20170117"},{"reference_url":"https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2"},{"reference_url":"https://www.curesec.com/blog/article/blog/Plone-XSS-186.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.curesec.com/blog/article/blog/Plone-XSS-186.html"},{"reference_url":"http://www.securityfocus.com/bid/96117","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96117"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9624?format=json","purl":"pkg:pypi/plone@4.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.12"},{"url":"http://public2.vulnerablecode.io/api/packages
/9625?format=json","purl":"pkg:pypi/plone@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-jvvz-bafs-t7gc"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7"}],"aliases":["CVE-2016-7147","PYSEC-2017-64"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhux-xufk-ube2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34849?format=json","vulnerability_id":"VCID-hygx-6n52-u7fz","summary":"mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email 
functionality.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978480","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978480"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{
"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vul
nerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnera
bility":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4198","PYSEC-2014-62"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hygx-6n52-u7fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34722?format=json","vulnerability_id":"VCID-jhw6-wxz2-qbgd","summary":"Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown 
vectors.","references":[{"reference_url":"http://osvdb.org/70753","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/70753"},{"reference_url":"http://plone.org/products/plone/security/advisories/cve-2011-0720","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/cve-2011-0720"},{"reference_url":"http://secunia.com/advisories/43146","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43146"},{"reference_url":"http://secunia.com/advisories/43914","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43914"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65099","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65099"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0393.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0393.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0394.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0394.html"},{"reference_url":"http://www.securityfocus.com/bid/46102","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46102"},{"reference_url":"http://www.securitytracker.com/id?1025258","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025258"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0796","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0796"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7114?format=json","purl":"pkg:pypi/plone@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-3buw-zes9-ukg4"},{"vulnerabili
ty":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-jvwn-yw13-gfe9"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerabili
ty":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-uqe7-n3uh-zfac"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.1"}],"aliases":["CVE-2011-0720","PYSEC-2011-13"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhw6-wxz2-qbgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34732?format=json","vulnerability_id":"VCID-jvwn-yw13-gfe9","summary":"plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 
2011.","references":[{"reference_url":"http://osvdb.org/72729","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/72729"},{"reference_url":"http://plone.org/products/plone/security/advisories/CVE-2011-1950","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/CVE-2011-1950"},{"reference_url":"http://secunia.com/advisories/44775","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44775"},{"reference_url":"http://securityreason.com/securityalert/8269","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8269"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/67695","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/67695"},{"reference_url":"https://github.com/advisories/GHSA-2qx8-589j-gcpx","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2qx8-589j-gcpx"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yaml"},{"reference_url":"http://www.securityfocus.com/archive/1/518155/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/518155/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/48005","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/48005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1950","reference_id":"CVE-2011-1950","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1950"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7133?format=json","purl":"pkg:pypi/plone@4.0.6","is_vulnerable":true,"affected_by_vulnerabiliti
es":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-3buw-zes9-ukg4"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-jvwn-yw13-gfe9"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-uf
a1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-uqe7-n3uh-zfac"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"}
,{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"}],"aliases":["CVE-2011-1950","GHSA-2qx8-589j-gcpx","PYSEC-2011-16"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvwn-yw13-gfe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34935?format=json","vulnerability_id":"VCID-khhr-m295-23gs","summary":"Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via 
unspecified vectors.  NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).","references":[{"reference_url":"https://bugs.launchpad.net/zope2/+bug/1071067","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/zope2/+bug/1071067"},{"reference_url":"https://github.com/advisories/GHSA-48vv-2pmq-9fvv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-48vv-2pmq-9fvv"},{"reference_url":"https://github.com/plone/Products.CMFPlone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-51.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-51.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-76.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-76.yaml"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121124","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121124"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/24","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/24"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-
6661","reference_id":"CVE-2012-6661","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID
-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-6661","GHSA-48vv-2pmq-9fvv","PYSEC-2014-51","PYSEC-2014-76"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khhr-m295-23gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34933?format=json","vulnerability_id":"VCID-khsn
-43tn-37bx","summary":"The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/16","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/16"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq
-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7z
a-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5500","PYSEC-2014-42"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khsn-43tn-37bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34913?format=json","vulnerability_id":"VCID-krfw-xa2b-vue5","summary":"ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) 
character.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1194","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1194"},{"reference_url":"https://bugs.launchpad.net/zope2/+bug/930812","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/zope2/+bug/930812"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=878939","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=878939"},{"reference_url":"https://github.com/advisories/GHSA-77hv-8796-8ccp","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-77hv-8796-8ccp"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-28.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-28.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-73.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-73.yaml"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/02","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/02"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"reference_url":"
https://access.redhat.com/security/cve/CVE-2012-5486","reference_id":"CVE-2012-5486","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2012-5486"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5486","reference_id":"CVE-2012-5486","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5486"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-
vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5486","GHSA-77hv-8796-8ccp","PYSEC-2014-28","PYSEC-2014-73"],"risk_score":null,"exp
loitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-krfw-xa2b-vue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34903?format=json","vulnerability_id":"VCID-kz14-79we-xbfe","summary":"uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/08","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/08"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fb
d"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},
{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5492","PYSEC-2014-34"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kz14-79we-xbfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34918?format=json","vulnerability_id":"VCID-mh7a-3p1f-9ufs","summary":"kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted 
URL.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/12","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7101?format=json","purl":"pkg:pypi/plone@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-3buw-zes9-ukg4"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2q
eh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-fqcf-4say-h7g8"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-jhw6-wxz2-qbgd"},{"vulnerability":"VCID-jvwn-yw13-gfe9"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-uqe7-n3uh-zfac"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.3.6"}],"aliases":["CVE-2012-5496","PYSEC-2014-38"],"risk_score":null,"exploitab
ility":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mh7a-3p1f-9ufs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34907?format=json","vulnerability_id":"VCID-mt5t-3gsw-7fde","summary":"python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to \"go_back.\"","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/11","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf
-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3a
d"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5495","PYSEC-2014-37"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mt5t-3gsw-7fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34843?format=json","vulnerability_id":"VCID-nrxp-p6rx-8kdd","summary":"Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified 
vectors.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978471","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978471"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4195","reference_id":"CVE-2013-4195","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4195"},{"reference_url":"https://github.com/advisories/GHSA-j67j-8hrp-76xm","reference_id":"GHSA-j67j-8hrp-76xm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j67j-8hrp-76xm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{
"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerabl
ecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnera
bility":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4195","GHSA-j67j-8hrp-76xm","PYSEC-2014-59"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrxp-p6rx-8kdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35805?format=json","vulnerability_id":"VCID-p71t-er3d-9fdn","summary":"Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML 
document.","references":[{"reference_url":"https://github.com/advisories/GHSA-hm2h-f456-6j88","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hm2h-f456-6j88"},{"reference_url":"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33512","GHSA-hm2h-f456-6j88","PYSEC-2021-84"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p71t-er3d-9fdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34923?format=json","vulnerability_id":"VCID-pb2y-jwn1-wbck","summary":"python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to 
createObject.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/04","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/04"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerab
ility":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerabilit
y":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5488","PYSEC-2014-30"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pb2y-jwn1-wbck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34922?format=json","vulnerability_id":"VCID-pgrv-sncf-cqca","summary":"python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to 
access.","references":[{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-48.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-48.yaml"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/22","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/22"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5506","reference_id":"CVE-2012-5506","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5506"},{"reference_url":"https://github.com/advisories/GHSA-79hj-474h-v4xv","reference_id":"GHSA-79hj-474h-v4xv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-79hj-474h-v4xv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-656
8-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4e
rt-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5506","GHSA-79hj-474h-v4xv","PYSEC-2014-48"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pgrv-sncf-cqca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35804?format=json","vulnerability_id":"VCID-q7nt-b3s9-9kf6","summary":"Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected 
XSS.","references":[{"reference_url":"https://github.com/advisories/GHSA-35rg-466w-77h3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-35rg-466w-77h3"},{"reference_url":"https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33507","GHSA-35rg-466w-77h3","PYSEC-2021-79"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7nt-b3s9-9kf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35802?format=json","vulnerability_id":"VCID-r52t-hx1j-ufa1","summary":"Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content 
item.","references":[{"reference_url":"https://github.com/advisories/GHSA-rmpv-rcp6-v8wc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rmpv-rcp6-v8wc"},{"reference_url":"https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33508","GHSA-rmpv-rcp6-v8wc","PYSEC-2021-80"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r52t-hx1j-ufa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34845?format=json","vulnerability_id":"VCID-s84e-bb7w-5qht","summary":"member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified 
vectors.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978478","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978478"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulne
rability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerabi
lity":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability
":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4197","PYSEC-2014-61"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s84e-bb7w-5qht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34844?format=json","vulnerability_id":"VCID-shjb-m9k6-uuf1","summary":"(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded 
(decompressed).","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978482","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978482"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4199","reference_id":"CVE-2013-4199","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4199"},{"reference_url":"https://github.com/advisories/GHSA-xfjq-9rxq-ph6m","reference_id":"GHSA-xfjq-9rxq-ph6m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xfjq-9rxq-ph6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-s
ua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vu
lnerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"
vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4199","GHSA-xfjq-9rxq-ph6m","PYSEC-2014-63"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shjb-m9k6-uuf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34911?format=json","vulnerability_id":"VCID-svbc-dj3m-t7av","summary":"membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted 
URL.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/13","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"V
CID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-
hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5497","PYSEC-2014-39"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svbc-dj3m-t7av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34934?format=json","vulnerability_id":"VCID-tc7w-wttv-vfed","summary":"The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors.  NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. 
CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.","references":[{"reference_url":"https://bugs.launchpad.net/zope2/+bug/1071067","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/zope2/+bug/1071067"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-50.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-50.yaml"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121124","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121124"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/24","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/24"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5508","reference_id":"CVE-2012-5508","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5508"},{"reference_url":"https://github.com/advisories/GHSA-wprr-mc54-c62q","reference_id":"GHSA-wprr-mc54-c62q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wprr-mc54-c62q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":
[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl
":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5508","GHSA-wprr-mc54-c62q","PYSEC-2014-50"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc7w-wttv-vfed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34852?format=json","vulnerability_id":"VCID-ud5f-7gx8-83d6","summary":"The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted 
request.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978475","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978475"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4196","reference_id":"CVE-2013-4196","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4196"},{"reference_url":"https://github.com/advisories/GHSA-qphh-5fv5-2mjj","reference_id":"GHSA-qphh-5fv5-2mjj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qphh-5fv5-2mjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{
"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerabl
ecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnera
bility":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4196","GHSA-qphh-5fv5-2mjj","PYSEC-2014-60"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ud5f-7gx8-83d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34734?format=json","vulnerability_id":"VCID-uqe7-n3uh-zfac","summary":"Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted 
URL.","references":[{"reference_url":"http://osvdb.org/72727","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/72727"},{"reference_url":"http://plone.org/products/plone/security/advisories/CVE-2011-1948","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/CVE-2011-1948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0151","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0151"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=711494","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=711494"},{"reference_url":"http://secunia.com/advisories/44775","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44775"},{"reference_url":"http://secunia.com/advisories/44776","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44776"},{"reference_url":"http://securityreason.com/securityalert/8269","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8269"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/67693","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/67693"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-14.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-14.yaml"},{"reference_url":"http://www.securityfocus.com/archive/1/518155/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/518155/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/48005","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/48005"},{"reference_url":"https://ac
cess.redhat.com/security/cve/CVE-2011-1948","reference_id":"CVE-2011-1948","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2011-1948"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1948","reference_id":"CVE-2011-1948","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1948"},{"reference_url":"https://github.com/advisories/GHSA-p7h9-vf92-5fj5","reference_id":"GHSA-p7h9-vf92-5fj5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p7h9-vf92-5fj5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue
5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"}],"aliases":["CVE-2011-1948","GHSA-p7h9-vf92-5fj5","PYSEC-2011-14"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uqe7-n3uh-zfac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34916?format=json","vulnerability_id":"VCID-uykg-p1e9-mfd8","summary":"python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to 
formatColumns.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1194.html"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/15","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/15"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnera
bility":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerabili
ty":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5499","PYSEC-2014-41"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uykg-p1e9-mfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34921?format=json","vulnerability_id":"VCID-vr9k-9xch-4yc7","summary":"ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.","references":[{"reference_url":"https://github.com/advisories/GHSA-prr5-pfr8-q9f3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-prr5-pfr8-q9f3"},{"reference_url":"https://github.com/plone/Products.CMFPlone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-45.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-45.yaml"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hot
fix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/19","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/19"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5503","reference_id":"CVE-2012-5503","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VC
ID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z
wnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5503","GHSA-prr5-pfr8-q9f3","PYSEC-2014-45"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vr9k-9xch-4yc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35803?format=json","vulnerability_id":"VCID-x2xm-hpc2-uubq","summary":"Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.","references":[{"reference_url":"https://github.com/advisories/GHSA-hm2p-fhwx-9285","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hm2p-fhwx-9285"},{"reference_url":"https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33509","GHSA-hm2p-fhwx-9285","PYSEC-2021-81"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2xm-hpc2-uubq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34905?format=json","vulnerability_id":"VCID-x6y6-xx1a-7kfd","summary":"Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 
4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/18","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/18"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerabi
lity":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability
":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5502","PYSEC-2014-44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6y6-xx1a-7kfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34853?format=json","vulnerability_id":"VCID-x8n5-qj35-eqb1","summary":"Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified 
vectors.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978451","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978451"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulne
rability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerabi
lity":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability
":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4190","PYSEC-2014-54"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8n5-qj35-eqb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34694?format=json","vulnerability_id":"VCID-xcaz-c9xr-8bhv","summary":"Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html 
transform.","references":[{"reference_url":"http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html"},{"reference_url":"http://secunia.com/advisories/40270","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/40270"},{"reference_url":"http://www.securityfocus.com/bid/40999","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/40999"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6999?format=json","purl":"pkg:pypi/plone@3.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-3buw-zes9-ukg4"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-fqcf-4say-h7g8"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":
"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-jhw6-wxz2-qbgd"},{"vulnerability":"VCID-jvwn-yw13-gfe9"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mh7a-3p1f-9ufs"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-uqe7-n3uh-zfac"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-z886-y25h-nua3"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.3.5"}],"aliases":["CVE-2010-2422","PYSEC-2010-19"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcaz-c9xr-8bhv"},{"url":"http://pub
lic2.vulnerablecode.io/api/vulnerabilities/34917?format=json","vulnerability_id":"VCID-xpq8-npn5-kyb9","summary":"z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/07","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/07"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerabilit
y":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"
VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5491","PYSEC-2014-33"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xpq8-npn5-kyb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34745?format=json","vulnerability_id":"VCID-yhzr-hb68-cfd6","summary":"Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted 
parameters.","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html","reference_id":"","reference_type":"","scores":[],"url":"http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html"},{"reference_url":"http://secunia.com/advisories/47406","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/47406"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72018","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72018"},{"reference_url":"https://github.com/advisories/GHSA-pcwm-8jc3-qxvj","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pcwm-8jc3-qxvj"},{"reference_url":"https://github.com/plone/plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-22.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-22.yaml"},{"reference_url":"http://www.kb.cert.org/vuls/id/903934","reference_id":"","reference_type":"","scores":[],"url":"http://www.kb.cert.org/vuls/id/903934"},{"reference_url":"http://www.nruns.com/_downloads/advisory28122011.pdf","reference_id":"","reference_type":"","scores":[],"url":"http://www.nruns.com/_downloads/advisory28122011.pdf"},{"reference_url":"http://www.ocert.org/advisories/ocert-2011-003.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.ocert.org/advisories/ocert-2011-003.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4462","reference_id":"CVE-2011-4462","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4462"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7180?format=json","purl":"pkg:pypi/plone@4.1.4","is_vulnerable":true,"affected_
by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"V
CID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.4"}],"aliases":["CVE-2011-4462","GHSA-pcwm-8jc3-qxvj","PYSEC-2011-22"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhzr-hb68-cfd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34854?format=json","vulnerability_id":"VCID-ykmg-jcfe-8qf4","summary":"Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978450","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978450"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy
6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb
68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"
},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4189","PYSEC-2014-53"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykmg-jcfe-8qf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34850?format=json","vulnerability_id":"VCID-yuph-y2fa-3uaa","summary":"The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an 
error message.","references":[{"reference_url":"http://plone.org/products/plone-hotfix/releases/20130618","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone-hotfix/releases/20130618"},{"reference_url":"http://plone.org/products/plone/security/advisories/20130618-announcement","reference_id":"","reference_type":"","scores":[],"url":"http://plone.org/products/plone/security/advisories/20130618-announcement"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=978470","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=978470"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/261","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/261"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4194","reference_id":"CVE-2013-4194","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4194"},{"reference_url":"https://github.com/advisories/GHSA-mm32-jw73-9227","reference_id":"GHSA-mm32-jw73-9227","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mm32-jw73-9227"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7146?format=json","purl":"pkg:pypi/plone@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-su
a3"},{"vulnerability":"VCID-9kgy-2mwu-6yhd"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-chqa-wbu7-eyak"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-dxqw-uf6r-vbbh"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eg2r-ez9f-hkak"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-g6ky-pfur-7kfg"},{"vulnerability":"VCID-gdtw-2d1s-2bbw"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-h8ur-tnzd-afay"},{"vulnerability":"VCID-hb93-ea78-8ygv"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-khsn-43tn-37bx"},{"vulnerability":"VCID-krfw-xa2b-vue5"},{"vulnerability":"VCID-kz14-79we-xbfe"},{"vulnerability":"VCID-mt5t-3gsw-7fde"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pb2y-jwn1-wbck"},{"vulnerability":"VCID-pgrv-sncf-cqca"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-svbc-dj3m-t7av"},{"vulnerability":"VCID-tc7w-wttv-vfed"},{"vulnerability":"VCID-uykg-p1e9-mfd8"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-vr9k-9xch-4yc7"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x6y6-xx1a-7kfd"},{"vulnerability":"VCID-xpq8-npn5-kyb9"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-yhzr-hb68-cfd6"},{"vulnerability":"VCID-zd73-fvwg-nbgx"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vul
nerablecode.io/packages/pkg:pypi/plone@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7900?format=json","purl":"pkg:pypi/plone@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7901?format=json","purl":"pkg:pypi/plone@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"v
ulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2"}],"aliases":["CVE-2013-4194","GHSA-mm32-jw73-9227","PYSEC-2014-58"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuph-y2fa-3uaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34904?format=json","vulnerability_id":"VCID-zd73-fvwg-nbgx","summary":"The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to 
importing.","references":[{"reference_url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"reference_url":"https://plone.org/products/plone-hotfix/releases/20121106","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"reference_url":"https://plone.org/products/plone/security/advisories/20121106/03","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20121106/03"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/10/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7895?format=json","purl":"pkg:pypi/plone@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-3shf-hh9a-rqdw"},{"vulnerability":"VCID-4v5e-r5we-tffe"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9a27-8egg-7uam"},{"vulnerability":"VCID-9dr2-mexa-qfbn"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-9u27-bf7b-x7er"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-hhux-x
ufk-ube2"},{"vulnerability":"VCID-hygx-6n52-u7fz"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-nrxp-p6rx-8kdd"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-s84e-bb7w-5qht"},{"vulnerability":"VCID-shjb-m9k6-uuf1"},{"vulnerability":"VCID-ud5f-7gx8-83d6"},{"vulnerability":"VCID-vgga-a2ga-t3hw"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-x8n5-qj35-eqb1"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-ykmg-jcfe-8qf4"},{"vulnerability":"VCID-yuph-y2fa-3uaa"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8149?format=json","purl":"pkg:pypi/plone@4.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-n4nh-4rq4-r7hx"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-
w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-w2mv-zekv-8fcv"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3b1"}],"aliases":["CVE-2012-5487","PYSEC-2014-29"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zd73-fvwg-nbgx"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.2a1"}