Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/plone@5.0rc1
Typepypi
Namespace
Nameplone
Version5.0rc1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.2.5
Latest_non_vulnerable_version6.0.7
Affected_by_vulnerabilities
0
url VCID-6568-4ert-1bau
vulnerability_id VCID-6568-4ert-1bau
summary Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
references
0
reference_url https://github.com/advisories/GHSA-p5wr-vp8g-q5p4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p5wr-vp8g-q5p4
1
reference_url https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f
reference_id
reference_type
scores
url https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f
2
reference_url https://github.com/plone/Products.CMFPlone/pull/1912
reference_id
reference_type
scores
url https://github.com/plone/Products.CMFPlone/pull/1912
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml
4
reference_url https://plone.org/security/hotfix/20170117/sandbox-escape
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20170117/sandbox-escape
5
reference_url http://www.openwall.com/lists/oss-security/2017/01/18/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2017/01/18/6
6
reference_url http://www.securityfocus.com/bid/95679
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95679
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5524
reference_id CVE-2017-5524
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5524
fixed_packages
0
url pkg:pypi/plone@5.0.7
purl pkg:pypi/plone@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-5ry7-xy6b-5fag
2
vulnerability VCID-69ps-uetw-y3gf
3
vulnerability VCID-8rp3-p3qe-x7ej
4
vulnerability VCID-8wkk-84ky-17ak
5
vulnerability VCID-951j-w95x-83g8
6
vulnerability VCID-9gu8-dgkr-sua3
7
vulnerability VCID-ax8a-2g7j-6ya2
8
vulnerability VCID-basq-jjsf-3fbd
9
vulnerability VCID-bmwk-nutp-r3fs
10
vulnerability VCID-d42u-s7za-a3ad
11
vulnerability VCID-dg61-tw4u-dbcc
12
vulnerability VCID-edq7-7ncc-mbfx
13
vulnerability VCID-eu4z-htaq-c3d6
14
vulnerability VCID-exan-4j3e-2qeh
15
vulnerability VCID-fdpc-runu-ekah
16
vulnerability VCID-j8fv-uhxw-jkcw
17
vulnerability VCID-jvvz-bafs-t7gc
18
vulnerability VCID-p71t-er3d-9fdn
19
vulnerability VCID-pzke-4by2-w3hk
20
vulnerability VCID-q7nt-b3s9-9kf6
21
vulnerability VCID-r52t-hx1j-ufa1
22
vulnerability VCID-x2xm-hpc2-uubq
23
vulnerability VCID-z4jt-v88h-77er
24
vulnerability VCID-zwnj-revc-vbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7
1
url pkg:pypi/plone@5.1b1
purl pkg:pypi/plone@5.1b1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-5ry7-xy6b-5fag
2
vulnerability VCID-69ps-uetw-y3gf
3
vulnerability VCID-8rp3-p3qe-x7ej
4
vulnerability VCID-8wkk-84ky-17ak
5
vulnerability VCID-951j-w95x-83g8
6
vulnerability VCID-9gu8-dgkr-sua3
7
vulnerability VCID-ax8a-2g7j-6ya2
8
vulnerability VCID-basq-jjsf-3fbd
9
vulnerability VCID-bmwk-nutp-r3fs
10
vulnerability VCID-d42u-s7za-a3ad
11
vulnerability VCID-dg61-tw4u-dbcc
12
vulnerability VCID-edq7-7ncc-mbfx
13
vulnerability VCID-eu4z-htaq-c3d6
14
vulnerability VCID-exan-4j3e-2qeh
15
vulnerability VCID-fdpc-runu-ekah
16
vulnerability VCID-j8fv-uhxw-jkcw
17
vulnerability VCID-p71t-er3d-9fdn
18
vulnerability VCID-q7nt-b3s9-9kf6
19
vulnerability VCID-r52t-hx1j-ufa1
20
vulnerability VCID-x2xm-hpc2-uubq
21
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1b1
aliases CVE-2017-5524, GHSA-p5wr-vp8g-q5p4, PYSEC-2017-81
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6568-4ert-1bau
1
url VCID-8rp3-p3qe-x7ej
vulnerability_id VCID-8rp3-p3qe-x7ej
summary Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
references
0
reference_url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
1
reference_url https://github.com/advisories/GHSA-2c8c-84w2-j38j
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2c8c-84w2-j38j
2
reference_url https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
url https://github.com/plone/Products.CMFPlone/issues/3209
3
reference_url https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
url https://www.misakikata.com/codes/plone/python-en.html
fixed_packages
0
url pkg:pypi/plone@5.2.3
purl pkg:pypi/plone@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-ax8a-2g7j-6ya2
2
vulnerability VCID-basq-jjsf-3fbd
3
vulnerability VCID-d42u-s7za-a3ad
4
vulnerability VCID-eu4z-htaq-c3d6
5
vulnerability VCID-p71t-er3d-9fdn
6
vulnerability VCID-q7nt-b3s9-9kf6
7
vulnerability VCID-r52t-hx1j-ufa1
8
vulnerability VCID-x2xm-hpc2-uubq
9
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3
aliases CVE-2020-28736, GHSA-2c8c-84w2-j38j, PYSEC-2020-248
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8rp3-p3qe-x7ej
2
url VCID-8wkk-84ky-17ak
vulnerability_id VCID-8wkk-84ky-17ak
summary Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
references
0
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20200121
1
reference_url https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
2
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2020/01/22/1
3
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2020/01/24/1
fixed_packages
0
url pkg:pypi/plone@5.2.1
purl pkg:pypi/plone@5.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-8rp3-p3qe-x7ej
2
vulnerability VCID-8t99-yuxa-ekhm
3
vulnerability VCID-951j-w95x-83g8
4
vulnerability VCID-9gu8-dgkr-sua3
5
vulnerability VCID-ax8a-2g7j-6ya2
6
vulnerability VCID-basq-jjsf-3fbd
7
vulnerability VCID-bmwk-nutp-r3fs
8
vulnerability VCID-d42u-s7za-a3ad
9
vulnerability VCID-eu4z-htaq-c3d6
10
vulnerability VCID-exan-4j3e-2qeh
11
vulnerability VCID-fdpc-runu-ekah
12
vulnerability VCID-j8fv-uhxw-jkcw
13
vulnerability VCID-p71t-er3d-9fdn
14
vulnerability VCID-q7nt-b3s9-9kf6
15
vulnerability VCID-r52t-hx1j-ufa1
16
vulnerability VCID-x2xm-hpc2-uubq
17
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.1
aliases CVE-2020-7940, PYSEC-2020-89
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wkk-84ky-17ak
3
url VCID-9gu8-dgkr-sua3
vulnerability_id VCID-9gu8-dgkr-sua3
summary An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
references
0
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20200121
1
reference_url https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places
2
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2020/01/22/1
3
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2020/01/24/1
fixed_packages
0
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-8rp3-p3qe-x7ej
2
vulnerability VCID-ax8a-2g7j-6ya2
3
vulnerability VCID-basq-jjsf-3fbd
4
vulnerability VCID-d42u-s7za-a3ad
5
vulnerability VCID-eu4z-htaq-c3d6
6
vulnerability VCID-exan-4j3e-2qeh
7
vulnerability VCID-fdpc-runu-ekah
8
vulnerability VCID-p71t-er3d-9fdn
9
vulnerability VCID-q7nt-b3s9-9kf6
10
vulnerability VCID-r52t-hx1j-ufa1
11
vulnerability VCID-x2xm-hpc2-uubq
12
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7936, PYSEC-2020-85
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gu8-dgkr-sua3
4
url VCID-ax8a-2g7j-6ya2
vulnerability_id VCID-ax8a-2g7j-6ya2
summary Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
references
0
reference_url https://github.com/advisories/GHSA-fj67-w3m4-rfmp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-fj67-w3m4-rfmp
1
reference_url https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool
2
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33513, GHSA-fj67-w3m4-rfmp, PYSEC-2021-85
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ax8a-2g7j-6ya2
5
url VCID-basq-jjsf-3fbd
vulnerability_id VCID-basq-jjsf-3fbd
summary Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.
references
0
reference_url https://plone.org/download/releases/5.2.3
reference_id
reference_type
scores
url https://plone.org/download/releases/5.2.3
1
reference_url https://plone.org/security/hotfix/20210518
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20210518
2
reference_url https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt
reference_id
reference_type
scores
url https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt
3
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.4
purl pkg:pypi/plone@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-ax8a-2g7j-6ya2
2
vulnerability VCID-d42u-s7za-a3ad
3
vulnerability VCID-eu4z-htaq-c3d6
4
vulnerability VCID-p71t-er3d-9fdn
5
vulnerability VCID-q7nt-b3s9-9kf6
6
vulnerability VCID-r52t-hx1j-ufa1
7
vulnerability VCID-x2xm-hpc2-uubq
8
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4
aliases CVE-2021-3313, PYSEC-2021-78
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-basq-jjsf-3fbd
6
url VCID-bmwk-nutp-r3fs
vulnerability_id VCID-bmwk-nutp-r3fs
summary SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
references
0
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20200121
1
reference_url https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects
2
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2020/01/22/1
3
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2020/01/24/1
fixed_packages
0
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-8rp3-p3qe-x7ej
2
vulnerability VCID-ax8a-2g7j-6ya2
3
vulnerability VCID-basq-jjsf-3fbd
4
vulnerability VCID-d42u-s7za-a3ad
5
vulnerability VCID-eu4z-htaq-c3d6
6
vulnerability VCID-exan-4j3e-2qeh
7
vulnerability VCID-fdpc-runu-ekah
8
vulnerability VCID-p71t-er3d-9fdn
9
vulnerability VCID-q7nt-b3s9-9kf6
10
vulnerability VCID-r52t-hx1j-ufa1
11
vulnerability VCID-x2xm-hpc2-uubq
12
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7939, PYSEC-2020-88
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmwk-nutp-r3fs
7
url VCID-d42u-s7za-a3ad
vulnerability_id VCID-d42u-s7za-a3ad
summary Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
references
0
reference_url https://github.com/advisories/GHSA-gc9g-67cq-p7v4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-gc9g-67cq-p7v4
1
reference_url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser
2
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33511, GHSA-gc9g-67cq-p7v4, PYSEC-2021-83
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d42u-s7za-a3ad
8
url VCID-edq7-7ncc-mbfx
vulnerability_id VCID-edq7-7ncc-mbfx
summary By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)
references
0
reference_url https://github.com/advisories/GHSA-xvwv-6wvx-px9x
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xvwv-6wvx-px9x
1
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
url https://github.com/plone/Plone
2
reference_url https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
url https://github.com/plone/Products.CMFPlone/issues/2232
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml
4
reference_url https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000484
reference_id CVE-2017-1000484
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000484
fixed_packages
0
url pkg:pypi/plone@5.1.0
purl pkg:pypi/plone@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-8rp3-p3qe-x7ej
2
vulnerability VCID-8wkk-84ky-17ak
3
vulnerability VCID-951j-w95x-83g8
4
vulnerability VCID-9gu8-dgkr-sua3
5
vulnerability VCID-ax8a-2g7j-6ya2
6
vulnerability VCID-basq-jjsf-3fbd
7
vulnerability VCID-bmwk-nutp-r3fs
8
vulnerability VCID-d42u-s7za-a3ad
9
vulnerability VCID-eu4z-htaq-c3d6
10
vulnerability VCID-exan-4j3e-2qeh
11
vulnerability VCID-fdpc-runu-ekah
12
vulnerability VCID-j8fv-uhxw-jkcw
13
vulnerability VCID-p71t-er3d-9fdn
14
vulnerability VCID-q7nt-b3s9-9kf6
15
vulnerability VCID-r52t-hx1j-ufa1
16
vulnerability VCID-x2xm-hpc2-uubq
17
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0
aliases CVE-2017-1000484, GHSA-xvwv-6wvx-px9x, PYSEC-2018-73
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edq7-7ncc-mbfx
9
url VCID-eu4z-htaq-c3d6
vulnerability_id VCID-eu4z-htaq-c3d6
summary Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
references
0
reference_url https://github.com/advisories/GHSA-4mg4-wvmx-5332
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-4mg4-wvmx-5332
1
reference_url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url
2
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33510, GHSA-4mg4-wvmx-5332, PYSEC-2021-82
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eu4z-htaq-c3d6
10
url VCID-exan-4j3e-2qeh
vulnerability_id VCID-exan-4j3e-2qeh
summary Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
references
0
reference_url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
1
reference_url https://github.com/advisories/GHSA-wq6x-g685-w5f2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-wq6x-g685-w5f2
2
reference_url https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
url https://github.com/plone/Products.CMFPlone/issues/3209
3
reference_url https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
url https://www.misakikata.com/codes/plone/python-en.html
fixed_packages
0
url pkg:pypi/plone@5.2.3
purl pkg:pypi/plone@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-ax8a-2g7j-6ya2
2
vulnerability VCID-basq-jjsf-3fbd
3
vulnerability VCID-d42u-s7za-a3ad
4
vulnerability VCID-eu4z-htaq-c3d6
5
vulnerability VCID-p71t-er3d-9fdn
6
vulnerability VCID-q7nt-b3s9-9kf6
7
vulnerability VCID-r52t-hx1j-ufa1
8
vulnerability VCID-x2xm-hpc2-uubq
9
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3
aliases CVE-2020-28734, GHSA-wq6x-g685-w5f2, PYSEC-2020-246
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-exan-4j3e-2qeh
11
url VCID-fdpc-runu-ekah
vulnerability_id VCID-fdpc-runu-ekah
summary Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
references
0
reference_url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
url https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
1
reference_url https://github.com/advisories/GHSA-x7wf-5mjc-6x76
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-x7wf-5mjc-6x76
2
reference_url https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
url https://github.com/plone/Products.CMFPlone/issues/3209
3
reference_url https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
url https://www.misakikata.com/codes/plone/python-en.html
fixed_packages
0
url pkg:pypi/plone@5.2.3
purl pkg:pypi/plone@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-ax8a-2g7j-6ya2
2
vulnerability VCID-basq-jjsf-3fbd
3
vulnerability VCID-d42u-s7za-a3ad
4
vulnerability VCID-eu4z-htaq-c3d6
5
vulnerability VCID-p71t-er3d-9fdn
6
vulnerability VCID-q7nt-b3s9-9kf6
7
vulnerability VCID-r52t-hx1j-ufa1
8
vulnerability VCID-x2xm-hpc2-uubq
9
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3
aliases CVE-2020-28735, GHSA-x7wf-5mjc-6x76, PYSEC-2020-247
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fdpc-runu-ekah
12
url VCID-h4kd-eh8g-gude
vulnerability_id VCID-h4kd-eh8g-gude
summary Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1264788
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1264788
1
reference_url https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087
reference_id
reference_type
scores
url https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087
2
reference_url https://plone.org/security/20150910/
reference_id
reference_type
scores
url https://plone.org/security/20150910/
3
reference_url https://plone.org/security/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
url https://plone.org/security/20150910/non-persistent-xss-in-plone
4
reference_url https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone
5
reference_url https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Products.PloneHotfix20150910
6
reference_url http://www.openwall.com/lists/oss-security/2015/09/22/14
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2015/09/22/14
fixed_packages
0
url pkg:pypi/plone@5.0rc2
purl pkg:pypi/plone@5.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6568-4ert-1bau
1
vulnerability VCID-8rp3-p3qe-x7ej
2
vulnerability VCID-8wkk-84ky-17ak
3
vulnerability VCID-9gu8-dgkr-sua3
4
vulnerability VCID-ax8a-2g7j-6ya2
5
vulnerability VCID-basq-jjsf-3fbd
6
vulnerability VCID-bmwk-nutp-r3fs
7
vulnerability VCID-d42u-s7za-a3ad
8
vulnerability VCID-edq7-7ncc-mbfx
9
vulnerability VCID-eu4z-htaq-c3d6
10
vulnerability VCID-exan-4j3e-2qeh
11
vulnerability VCID-fdpc-runu-ekah
12
vulnerability VCID-j8fv-uhxw-jkcw
13
vulnerability VCID-jvvz-bafs-t7gc
14
vulnerability VCID-p71t-er3d-9fdn
15
vulnerability VCID-pzke-4by2-w3hk
16
vulnerability VCID-q7nt-b3s9-9kf6
17
vulnerability VCID-r52t-hx1j-ufa1
18
vulnerability VCID-x2xm-hpc2-uubq
19
vulnerability VCID-z4jt-v88h-77er
20
vulnerability VCID-zwnj-revc-vbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2
aliases CVE-2015-7316, PYSEC-2017-53
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4kd-eh8g-gude
13
url VCID-j8fv-uhxw-jkcw
vulnerability_id VCID-j8fv-uhxw-jkcw
summary A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
references
0
reference_url https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20200121
1
reference_url https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
2
reference_url https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2020/01/22/1
3
reference_url http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2020/01/24/1
fixed_packages
0
url pkg:pypi/plone@5.2.2
purl pkg:pypi/plone@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-8rp3-p3qe-x7ej
2
vulnerability VCID-ax8a-2g7j-6ya2
3
vulnerability VCID-basq-jjsf-3fbd
4
vulnerability VCID-d42u-s7za-a3ad
5
vulnerability VCID-eu4z-htaq-c3d6
6
vulnerability VCID-exan-4j3e-2qeh
7
vulnerability VCID-fdpc-runu-ekah
8
vulnerability VCID-p71t-er3d-9fdn
9
vulnerability VCID-q7nt-b3s9-9kf6
10
vulnerability VCID-r52t-hx1j-ufa1
11
vulnerability VCID-x2xm-hpc2-uubq
12
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2
aliases CVE-2020-7941, PYSEC-2020-90
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8fv-uhxw-jkcw
14
url VCID-jvvz-bafs-t7gc
vulnerability_id VCID-jvvz-bafs-t7gc
summary Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.
references
0
reference_url https://plone.org/security/hotfix/20160419/bypass-restricted-python
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20160419/bypass-restricted-python
1
reference_url http://www.openwall.com/lists/oss-security/2016/04/20/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/04/20/3
fixed_packages
0
url pkg:pypi/plone@5.1a2
purl pkg:pypi/plone@5.1a2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-5ry7-xy6b-5fag
2
vulnerability VCID-69ps-uetw-y3gf
3
vulnerability VCID-8rp3-p3qe-x7ej
4
vulnerability VCID-8wkk-84ky-17ak
5
vulnerability VCID-951j-w95x-83g8
6
vulnerability VCID-9gu8-dgkr-sua3
7
vulnerability VCID-ax8a-2g7j-6ya2
8
vulnerability VCID-basq-jjsf-3fbd
9
vulnerability VCID-bmwk-nutp-r3fs
10
vulnerability VCID-d42u-s7za-a3ad
11
vulnerability VCID-dg61-tw4u-dbcc
12
vulnerability VCID-edq7-7ncc-mbfx
13
vulnerability VCID-eu4z-htaq-c3d6
14
vulnerability VCID-exan-4j3e-2qeh
15
vulnerability VCID-fdpc-runu-ekah
16
vulnerability VCID-j8fv-uhxw-jkcw
17
vulnerability VCID-p71t-er3d-9fdn
18
vulnerability VCID-q7nt-b3s9-9kf6
19
vulnerability VCID-r52t-hx1j-ufa1
20
vulnerability VCID-x2xm-hpc2-uubq
21
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2
aliases CVE-2016-4043, PYSEC-2017-57
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvvz-bafs-t7gc
15
url VCID-p71t-er3d-9fdn
vulnerability_id VCID-p71t-er3d-9fdn
summary Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
references
0
reference_url https://github.com/advisories/GHSA-hm2h-f456-6j88
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hm2h-f456-6j88
1
reference_url https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
2
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33512, GHSA-hm2h-f456-6j88, PYSEC-2021-84
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p71t-er3d-9fdn
16
url VCID-pzke-4by2-w3hk
vulnerability_id VCID-pzke-4by2-w3hk
summary Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
references
0
reference_url https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content
1
reference_url http://www.openwall.com/lists/oss-security/2016/04/20/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/04/20/2
fixed_packages
0
url pkg:pypi/plone@5.1a2
purl pkg:pypi/plone@5.1a2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-5ry7-xy6b-5fag
2
vulnerability VCID-69ps-uetw-y3gf
3
vulnerability VCID-8rp3-p3qe-x7ej
4
vulnerability VCID-8wkk-84ky-17ak
5
vulnerability VCID-951j-w95x-83g8
6
vulnerability VCID-9gu8-dgkr-sua3
7
vulnerability VCID-ax8a-2g7j-6ya2
8
vulnerability VCID-basq-jjsf-3fbd
9
vulnerability VCID-bmwk-nutp-r3fs
10
vulnerability VCID-d42u-s7za-a3ad
11
vulnerability VCID-dg61-tw4u-dbcc
12
vulnerability VCID-edq7-7ncc-mbfx
13
vulnerability VCID-eu4z-htaq-c3d6
14
vulnerability VCID-exan-4j3e-2qeh
15
vulnerability VCID-fdpc-runu-ekah
16
vulnerability VCID-j8fv-uhxw-jkcw
17
vulnerability VCID-p71t-er3d-9fdn
18
vulnerability VCID-q7nt-b3s9-9kf6
19
vulnerability VCID-r52t-hx1j-ufa1
20
vulnerability VCID-x2xm-hpc2-uubq
21
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2
aliases CVE-2016-4042, PYSEC-2017-56
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pzke-4by2-w3hk
17
url VCID-q7nt-b3s9-9kf6
vulnerability_id VCID-q7nt-b3s9-9kf6
summary Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
references
0
reference_url https://github.com/advisories/GHSA-35rg-466w-77h3
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-35rg-466w-77h3
1
reference_url https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots
2
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33507, GHSA-35rg-466w-77h3, PYSEC-2021-79
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q7nt-b3s9-9kf6
18
url VCID-r52t-hx1j-ufa1
vulnerability_id VCID-r52t-hx1j-ufa1
summary Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
references
0
reference_url https://github.com/advisories/GHSA-rmpv-rcp6-v8wc
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-rmpv-rcp6-v8wc
1
reference_url https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
2
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33508, GHSA-rmpv-rcp6-v8wc, PYSEC-2021-80
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r52t-hx1j-ufa1
19
url VCID-wuas-tkd4-rkd4
vulnerability_id VCID-wuas-tkd4-rkd4
summary Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1264791
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1264791
1
reference_url https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406
reference_id
reference_type
scores
url https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406
2
reference_url https://plone.org/security/20150910
reference_id
reference_type
scores
url https://plone.org/security/20150910
3
reference_url https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members
reference_id
reference_type
scores
url https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members
4
reference_url https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members
5
reference_url https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Products.PloneHotfix20150910
6
reference_url http://www.openwall.com/lists/oss-security/2015/09/22/13
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2015/09/22/13
fixed_packages
0
url pkg:pypi/plone@5.0rc2
purl pkg:pypi/plone@5.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6568-4ert-1bau
1
vulnerability VCID-8rp3-p3qe-x7ej
2
vulnerability VCID-8wkk-84ky-17ak
3
vulnerability VCID-9gu8-dgkr-sua3
4
vulnerability VCID-ax8a-2g7j-6ya2
5
vulnerability VCID-basq-jjsf-3fbd
6
vulnerability VCID-bmwk-nutp-r3fs
7
vulnerability VCID-d42u-s7za-a3ad
8
vulnerability VCID-edq7-7ncc-mbfx
9
vulnerability VCID-eu4z-htaq-c3d6
10
vulnerability VCID-exan-4j3e-2qeh
11
vulnerability VCID-fdpc-runu-ekah
12
vulnerability VCID-j8fv-uhxw-jkcw
13
vulnerability VCID-jvvz-bafs-t7gc
14
vulnerability VCID-p71t-er3d-9fdn
15
vulnerability VCID-pzke-4by2-w3hk
16
vulnerability VCID-q7nt-b3s9-9kf6
17
vulnerability VCID-r52t-hx1j-ufa1
18
vulnerability VCID-x2xm-hpc2-uubq
19
vulnerability VCID-z4jt-v88h-77er
20
vulnerability VCID-zwnj-revc-vbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2
aliases CVE-2015-7315, PYSEC-2017-52
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuas-tkd4-rkd4
20
url VCID-x2xm-hpc2-uubq
vulnerability_id VCID-x2xm-hpc2-uubq
summary Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
references
0
reference_url https://github.com/advisories/GHSA-hm2p-fhwx-9285
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hm2p-fhwx-9285
1
reference_url https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script
2
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/22/1
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33509, GHSA-hm2p-fhwx-9285, PYSEC-2021-81
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2xm-hpc2-uubq
21
url VCID-z4jt-v88h-77er
vulnerability_id VCID-z4jt-v88h-77er
summary An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.
references
0
reference_url https://github.com/plone/Plone
reference_id
reference_type
scores
url https://github.com/plone/Plone
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml
2
reference_url https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
3
reference_url https://plone.org/security/hotfix/20210518
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://plone.org/security/hotfix/20210518
4
reference_url https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33926
reference_id CVE-2021-33926
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-33926
6
reference_url https://github.com/advisories/GHSA-47p5-p3jw-w78w
reference_id GHSA-47p5-p3jw-w78w
reference_type
scores
url https://github.com/advisories/GHSA-47p5-p3jw-w78w
fixed_packages
0
url pkg:pypi/plone@5.2.5
purl pkg:pypi/plone@5.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5
aliases CVE-2021-33926, GHSA-47p5-p3jw-w78w, PYSEC-2023-289
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4jt-v88h-77er
22
url VCID-zwnj-revc-vbd6
vulnerability_id VCID-zwnj-revc-vbd6
summary Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.
references
0
reference_url https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav
reference_id
reference_type
scores
url https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav
1
reference_url http://www.openwall.com/lists/oss-security/2016/04/20/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/04/20/1
fixed_packages
0
url pkg:pypi/plone@5.1a2
purl pkg:pypi/plone@5.1a2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29gf-82fr-k3h8
1
vulnerability VCID-5ry7-xy6b-5fag
2
vulnerability VCID-69ps-uetw-y3gf
3
vulnerability VCID-8rp3-p3qe-x7ej
4
vulnerability VCID-8wkk-84ky-17ak
5
vulnerability VCID-951j-w95x-83g8
6
vulnerability VCID-9gu8-dgkr-sua3
7
vulnerability VCID-ax8a-2g7j-6ya2
8
vulnerability VCID-basq-jjsf-3fbd
9
vulnerability VCID-bmwk-nutp-r3fs
10
vulnerability VCID-d42u-s7za-a3ad
11
vulnerability VCID-dg61-tw4u-dbcc
12
vulnerability VCID-edq7-7ncc-mbfx
13
vulnerability VCID-eu4z-htaq-c3d6
14
vulnerability VCID-exan-4j3e-2qeh
15
vulnerability VCID-fdpc-runu-ekah
16
vulnerability VCID-j8fv-uhxw-jkcw
17
vulnerability VCID-p71t-er3d-9fdn
18
vulnerability VCID-q7nt-b3s9-9kf6
19
vulnerability VCID-r52t-hx1j-ufa1
20
vulnerability VCID-x2xm-hpc2-uubq
21
vulnerability VCID-z4jt-v88h-77er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2
aliases CVE-2016-4041, PYSEC-2017-55
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwnj-revc-vbd6
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc1