{"url":"http://public2.vulnerablecode.io/api/packages/9715?format=json","purl":"pkg:pypi/plone@4.3.13","type":"pypi","namespace":"","name":"plone","version":"4.3.13","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.10","latest_non_vulnerable_version":"6.0.10","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35799?format=json","vulnerability_id":"VCID-1f3t-a46p-13ca","summary":"Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32633","reference_id":"","reference_type":"","scores":[{"value":"0.00943","scoring_system":"epss","scoring_elements":"0.76644","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00943","scoring_system":"epss","scoring_elements":"0.76681","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00943","scoring_system":"epss","scoring_elements":"0.76658","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00943","scoring_system":"epss","scoring_elements":"0.76669","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00943","scoring_system":"epss","scoring_elements":"0.7668","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00943","scoring_system":"epss","scoring_elements":"0.76674","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32633"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32674","reference_id":"","reference_type":"","scores":[{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74438","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74461","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74456","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74467","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74464","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74429","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32674"},{"reference_url":"https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633"},{"reference_url":"https://github.com/advisories/GHSA-5vq5-pg3r-9ph3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5vq5-pg3r-9ph3"},{"reference_url":"https://github.com/advisories/GHSA-962m-m8jw-8wrr","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-962m-m8jw-8wrr"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-104.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-104.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-88.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-88.yaml"},{"reference_url":"https://github.com/zopefoundation/Zope","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zopefoundation/Zope"},{"reference_url":"https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21"},{"reference_url":"https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91"},{"reference_url":"https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"},{"reference_url":"https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6"},{"reference_url":"https://pypi.org/project/Zope","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.org/project/Zope"},{"reference_url":"https://pypi.org/project/Zope/","reference_id":"","reference_type":"","scores":[],"url":"https://pypi.org/project/Zope/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/21/1","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/21/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32633","reference_id":"CVE-2021-32633","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32633"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32674","reference_id":"CVE-2021-32674","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32674"},{"reference_url":"https://github.com/advisories/GHSA-5pr9-v234-jw36","reference_id":"GHSA-5pr9-v234-jw36","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5pr9-v234-jw36"},{"reference_url":"https://github.com/advisories/GHSA-rpcg-f9q6-2mq6","reference_id":"GHSA-rpcg-f9q6-2mq6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rpcg-f9q6-2mq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9723?format=json","purl":"pkg:pypi/plone@5.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-d6hq-qfek-1bgu"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-32633","CVE-2021-32674","GHSA-5pr9-v234-jw36","GHSA-5vq5-pg3r-9ph3","GHSA-962m-m8jw-8wrr","GHSA-rpcg-f9q6-2mq6","PYSEC-2021-104","PYSEC-2021-88"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1f3t-a46p-13ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46846?format=json","vulnerability_id":"VCID-4ttq-tacy-4ugg","summary":"Improper Restriction of Rendered UI Layers or Frames\nA Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0669","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15973","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15856","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15834","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15921","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15963","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0669"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0669","reference_id":"CVE-2024-0669","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0669"},{"reference_url":"https://github.com/advisories/GHSA-5xfx-55x4-j223","reference_id":"GHSA-5xfx-55x4-j223","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xfx-55x4-j223"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708112?format=json","purl":"pkg:pypi/plone@6.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/68544?format=json","purl":"pkg:pypi/plone@6.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.7"}],"aliases":["CVE-2024-0669","GHSA-5xfx-55x4-j223"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ttq-tacy-4ugg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35163?format=json","vulnerability_id":"VCID-5ry7-xy6b-5fag","summary":"Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000483.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000483.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000483","reference_id":"","reference_type":"","scores":[{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.53025","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.5305","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.53069","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.53","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.53061","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000483"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml"},{"reference_url":"https://plone.org/security/hotfix/20171128/sandbox-escape","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20171128/sandbox-escape"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532484","reference_id":"1532484","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532484"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000483","reference_id":"CVE-2017-1000483","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000483"},{"reference_url":"https://github.com/advisories/GHSA-qc57-h2f7-p4hx","reference_id":"GHSA-qc57-h2f7-p4hx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qc57-h2f7-p4hx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9718?format=json","purl":"pkg:pypi/plone@4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/10591?format=json","purl":"pkg:pypi/plone@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0"}],"aliases":["CVE-2017-1000483","GHSA-qc57-h2f7-p4hx","PYSEC-2018-72"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ry7-xy6b-5fag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35162?format=json","vulnerability_id":"VCID-69ps-uetw-y3gf","summary":"A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000482.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000482","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52502","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52511","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52463","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52491","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52443","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52485","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000482"},{"reference_url":"https://github.com/plone/Products.CMFPlone","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/2232","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/2232"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2233","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2233"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2234","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2234"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2235","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2235"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2236","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2236"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-71.yaml"},{"reference_url":"https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532485","reference_id":"1532485","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532485"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000482","reference_id":"CVE-2017-1000482","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000482"},{"reference_url":"https://github.com/advisories/GHSA-859j-668v-mrr6","reference_id":"GHSA-859j-668v-mrr6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-859j-668v-mrr6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9718?format=json","purl":"pkg:pypi/plone@4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/10591?format=json","purl":"pkg:pypi/plone@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0"}],"aliases":["CVE-2017-1000482","GHSA-859j-668v-mrr6","PYSEC-2018-71"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69ps-uetw-y3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35702?format=json","vulnerability_id":"VCID-8rp3-p3qe-x7ej","summary":"Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28736","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65624","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65685","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65665","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65687","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65676","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28736"},{"reference_url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt"},{"reference_url":"https://github.com/advisories/GHSA-2c8c-84w2-j38j","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2c8c-84w2-j38j"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3209","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/3209"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml"},{"reference_url":"https://www.misakikata.com/codes/plone/python-en.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.misakikata.com/codes/plone/python-en.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28736","reference_id":"CVE-2020-28736","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19507?format=json","purl":"pkg:pypi/plone@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3"}],"aliases":["CVE-2020-28736","GHSA-2c8c-84w2-j38j","PYSEC-2020-248"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8rp3-p3qe-x7ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35762?format=json","vulnerability_id":"VCID-8v5e-zud2-g7em","summary":"A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the \"form.widgets.site_title\" parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29002","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54483","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54462","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54427","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54484","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54493","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29002"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3255","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/3255"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-889.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-889.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29002","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29002"},{"reference_url":"https://www.exploit-db.com/exploits/49668","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/49668"},{"reference_url":"https://github.com/advisories/GHSA-38g6-x6jv-jwff","reference_id":"GHSA-38g6-x6jv-jwff","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38g6-x6jv-jwff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21990?format=json","purl":"pkg:pypi/plone@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4"}],"aliases":["CVE-2021-29002","GHSA-38g6-x6jv-jwff","PYSEC-2021-889"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8v5e-zud2-g7em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35492?format=json","vulnerability_id":"VCID-8wkk-84ky-17ak","summary":"Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7940.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7940.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7940","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5704","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57035","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57047","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56988","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57038","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5702","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7940"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7940","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7940"},{"reference_url":"https://plone.org/security/hotfix/20200121","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121"},{"reference_url":"https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/01/22/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/01/22/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/24/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/01/24/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798203","reference_id":"1798203","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798203"},{"reference_url":"https://github.com/advisories/GHSA-cw58-gpgw-hwx2","reference_id":"GHSA-cw58-gpgw-hwx2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cw58-gpgw-hwx2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9722?format=json","purl":"pkg:pypi/plone@4.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.20"},{"url":"http://public2.vulnerablecode.io/api/packages/14888?format=json","purl":"pkg:pypi/plone@5.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/14880?format=json","purl":"pkg:pypi/plone@5.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8t99-yuxa-ekhm"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/14881?format=json","purl":"pkg:pypi/plone@5.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2"}],"aliases":["CVE-2020-7940","GHSA-cw58-gpgw-hwx2","PYSEC-2020-89"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wkk-84ky-17ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35491?format=json","vulnerability_id":"VCID-9gu8-dgkr-sua3","summary":"An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7936.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7936.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7936","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5703","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57025","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57038","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56978","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57028","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5701","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7936"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7936","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7936"},{"reference_url":"https://plone.org/security/hotfix/20200121","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121"},{"reference_url":"https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/01/22/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/01/22/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/24/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/01/24/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798205","reference_id":"1798205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798205"},{"reference_url":"https://github.com/advisories/GHSA-82j9-wfcf-9v2h","reference_id":"GHSA-82j9-wfcf-9v2h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-82j9-wfcf-9v2h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9722?format=json","purl":"pkg:pypi/plone@4.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.20"},{"url":"http://public2.vulnerablecode.io/api/packages/14888?format=json","purl":"pkg:pypi/plone@5.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/14881?format=json","purl":"pkg:pypi/plone@5.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2"}],"aliases":["CVE-2020-7936","GHSA-82j9-wfcf-9v2h","PYSEC-2020-85"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gu8-dgkr-sua3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35806?format=json","vulnerability_id":"VCID-ax8a-2g7j-6ya2","summary":"Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33513","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53887","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53883","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5383","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53895","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5386","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53882","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33513"},{"reference_url":"https://github.com/advisories/GHSA-fj67-w3m4-rfmp","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fj67-w3m4-rfmp"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-85.yaml"},{"reference_url":"https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33513","reference_id":"CVE-2021-33513","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33513"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33513","GHSA-fj67-w3m4-rfmp","PYSEC-2021-85"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ax8a-2g7j-6ya2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35798?format=json","vulnerability_id":"VCID-basq-jjsf-3fbd","summary":"Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3313","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63703","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63751","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63732","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63744","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63752","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63745","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3313"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-78.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3313","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3313"},{"reference_url":"https://plone.org/download/releases/5.2.3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/download/releases/5.2.3"},{"reference_url":"https://plone.org/security/hotfix/20210518","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518"},{"reference_url":"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html"},{"reference_url":"https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname"},{"reference_url":"https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"},{"reference_url":"https://github.com/advisories/GHSA-hprr-4vfq-fcxw","reference_id":"GHSA-hprr-4vfq-fcxw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hprr-4vfq-fcxw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21990?format=json","purl":"pkg:pypi/plone@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4"}],"aliases":["CVE-2021-3313","GHSA-hprr-4vfq-fcxw","PYSEC-2021-78"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-basq-jjsf-3fbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35489?format=json","vulnerability_id":"VCID-bmwk-nutp-r3fs","summary":"SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7939.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7939.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7939","reference_id":"","reference_type":"","scores":[{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61384","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61378","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61392","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61336","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61381","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61361","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7939"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-88.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-88.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7939","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7939"},{"reference_url":"https://plone.org/security/hotfix/20200121","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121"},{"reference_url":"https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/01/22/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/01/22/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/24/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/01/24/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798204","reference_id":"1798204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798204"},{"reference_url":"https://github.com/advisories/GHSA-hhmf-7rgg-gcw5","reference_id":"GHSA-hhmf-7rgg-gcw5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhmf-7rgg-gcw5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14881?format=json","purl":"pkg:pypi/plone@5.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2"}],"aliases":["CVE-2020-7939","GHSA-hhmf-7rgg-gcw5","PYSEC-2020-88"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmwk-nutp-r3fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35117?format=json","vulnerability_id":"VCID-cpwq-sq8b-4yhf","summary":"Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.","references":[{"reference_url":"http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt"},{"reference_url":"http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7293","reference_id":"","reference_type":"","scores":[{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56359","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.5641","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56409","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56422","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56415","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56393","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7293"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-51.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-51.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7293","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7293"},{"reference_url":"https://plone.org/security/hotfix/20151006","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20151006"},{"reference_url":"https://pypi.python.org/pypi/plone4.csrffixes","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.python.org/pypi/plone4.csrffixes"},{"reference_url":"https://www.exploit-db.com/exploits/38411","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/38411"},{"reference_url":"https://www.exploit-db.com/exploits/38411/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/38411/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38411.txt","reference_id":"CVE-2015-7293;OSVDB-128533;OSVDB-128532","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/38411.txt"},{"reference_url":"https://github.com/advisories/GHSA-p3qm-44cf-f8qx","reference_id":"GHSA-p3qm-44cf-f8qx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p3qm-44cf-f8qx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9723?format=json","purl":"pkg:pypi/plone@5.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-d6hq-qfek-1bgu"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-h4kd-eh8g-gude"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-wuas-tkd4-rkd4"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0a1"}],"aliases":["CVE-2015-7293","GHSA-p3qm-44cf-f8qx","PYSEC-2017-51"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwq-sq8b-4yhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35801?format=json","vulnerability_id":"VCID-d42u-s7za-a3ad","summary":"Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33511","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51238","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51275","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51254","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51284","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51305","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.513","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33511"},{"reference_url":"https://github.com/advisories/GHSA-gc9g-67cq-p7v4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc9g-67cq-p7v4"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-83.yaml"},{"reference_url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33511","reference_id":"CVE-2021-33511","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33511"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33511","GHSA-gc9g-67cq-p7v4","PYSEC-2021-83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d42u-s7za-a3ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35161?format=json","vulnerability_id":"VCID-dg61-tw4u-dbcc","summary":"When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000481.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000481","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41489","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4148","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41459","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41542","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41535","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41511","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000481"},{"reference_url":"https://github.com/plone/Products.CMFPlone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8"},{"reference_url":"https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/2232","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/2232"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2233","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2233"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2234","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2234"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2235","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2235"},{"reference_url":"https://github.com/plone/Products.CMFPlone/pull/2236","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/pull/2236"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml"},{"reference_url":"https://plone.org/security/hotfix/20171128/open-redirection-on-login-form","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20171128/open-redirection-on-login-form"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532489","reference_id":"1532489","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532489"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000481","reference_id":"CVE-2017-1000481","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000481"},{"reference_url":"https://github.com/advisories/GHSA-8g72-gq68-6gqh","reference_id":"GHSA-8g72-gq68-6gqh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8g72-gq68-6gqh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9718?format=json","purl":"pkg:pypi/plone@4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/10591?format=json","purl":"pkg:pypi/plone@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0"}],"aliases":["CVE-2017-1000481","GHSA-8g72-gq68-6gqh","PYSEC-2018-70"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dg61-tw4u-dbcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35164?format=json","vulnerability_id":"VCID-edq7-7ncc-mbfx","summary":"By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000484.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000484.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000484","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41489","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4148","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41511","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41542","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41535","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41459","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000484"},{"reference_url":"https://github.com/advisories/GHSA-xvwv-6wvx-px9x","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvwv-6wvx-px9x"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/2232","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/2232"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml"},{"reference_url":"https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532487","reference_id":"1532487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532487"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000484","reference_id":"CVE-2017-1000484","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000484"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9718?format=json","purl":"pkg:pypi/plone@4.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-cpwq-sq8b-4yhf"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/10591?format=json","purl":"pkg:pypi/plone@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0"}],"aliases":["CVE-2017-1000484","GHSA-xvwv-6wvx-px9x","PYSEC-2018-73"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-edq7-7ncc-mbfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35800?format=json","vulnerability_id":"VCID-eu4z-htaq-c3d6","summary":"Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33510","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30484","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30477","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30461","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30494","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30525","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30558","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33510"},{"reference_url":"https://github.com/advisories/GHSA-4mg4-wvmx-5332","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4mg4-wvmx-5332"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml"},{"reference_url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33510","reference_id":"CVE-2021-33510","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33510"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33510","GHSA-4mg4-wvmx-5332","PYSEC-2021-82"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eu4z-htaq-c3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35701?format=json","vulnerability_id":"VCID-exan-4j3e-2qeh","summary":"Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28734","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65624","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65685","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65665","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65687","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65676","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28734"},{"reference_url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt"},{"reference_url":"https://github.com/advisories/GHSA-wq6x-g685-w5f2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq6x-g685-w5f2"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3209","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/3209"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-246.yaml"},{"reference_url":"https://www.misakikata.com/codes/plone/python-en.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.misakikata.com/codes/plone/python-en.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28734","reference_id":"CVE-2020-28734","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19507?format=json","purl":"pkg:pypi/plone@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3"}],"aliases":["CVE-2020-28734","GHSA-wq6x-g685-w5f2","PYSEC-2020-246"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-exan-4j3e-2qeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35700?format=json","vulnerability_id":"VCID-fdpc-runu-ekah","summary":"Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28735","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65624","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65685","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65665","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65687","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65676","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28735"},{"reference_url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt"},{"reference_url":"https://github.com/advisories/GHSA-x7wf-5mjc-6x76","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7wf-5mjc-6x76"},{"reference_url":"https://github.com/plone/Products.CMFPlone/issues/3209","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Products.CMFPlone/issues/3209"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml"},{"reference_url":"https://www.misakikata.com/codes/plone/python-en.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.misakikata.com/codes/plone/python-en.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28735","reference_id":"CVE-2020-28735","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28735"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19507?format=json","purl":"pkg:pypi/plone@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3"}],"aliases":["CVE-2020-28735","GHSA-x7wf-5mjc-6x76","PYSEC-2020-247"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fdpc-runu-ekah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35490?format=json","vulnerability_id":"VCID-j8fv-uhxw-jkcw","summary":"A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7941.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7941.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7941","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70446","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70444","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70453","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70435","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70423","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7941"},{"reference_url":"https://github.com/plone/plone.app.contenttypes","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/plone.app.contenttypes"},{"reference_url":"https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/plone.app.contenttypes/blob/master/CHANGES.rst?plain=1#L372-L374"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-90.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7941","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7941"},{"reference_url":"https://plone.org/security/hotfix/20200121","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121"},{"reference_url":"https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/01/22/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/01/22/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/24/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/01/24/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798201","reference_id":"1798201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798201"},{"reference_url":"https://github.com/advisories/GHSA-w6g9-xccc-347h","reference_id":"GHSA-w6g9-xccc-347h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6g9-xccc-347h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14881?format=json","purl":"pkg:pypi/plone@5.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2"}],"aliases":["CVE-2020-7941","GHSA-w6g9-xccc-347h","PYSEC-2020-90"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8fv-uhxw-jkcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35805?format=json","vulnerability_id":"VCID-p71t-er3d-9fdn","summary":"Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33512","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5383","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53883","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5386","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53882","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53895","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53887","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33512"},{"reference_url":"https://github.com/advisories/GHSA-hm2h-f456-6j88","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm2h-f456-6j88"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-84.yaml"},{"reference_url":"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33512","reference_id":"CVE-2021-33512","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33512"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33512","GHSA-hm2h-f456-6j88","PYSEC-2021-84"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p71t-er3d-9fdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35030?format=json","vulnerability_id":"VCID-pzke-4by2-w3hk","summary":"Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4042","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45909","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45961","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45981","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45978","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45946","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45934","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4042"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-56.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4042","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4042"},{"reference_url":"https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/04/20/2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/04/20/2"},{"reference_url":"https://github.com/advisories/GHSA-v4vj-49m5-wjhw","reference_id":"GHSA-v4vj-49m5-wjhw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v4vj-49m5-wjhw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9622?format=json","purl":"pkg:pypi/plone@5.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-jvvz-bafs-t7gc"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/9714?format=json","purl":"pkg:pypi/plone@5.1a2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2"}],"aliases":["CVE-2016-4042","GHSA-v4vj-49m5-wjhw","PYSEC-2017-56"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzke-4by2-w3hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35804?format=json","vulnerability_id":"VCID-q7nt-b3s9-9kf6","summary":"Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33507","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52311","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52284","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52263","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52292","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52244","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52304","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33507"},{"reference_url":"https://github.com/advisories/GHSA-35rg-466w-77h3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-35rg-466w-77h3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml"},{"reference_url":"https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33507","reference_id":"CVE-2021-33507","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33507"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33507","GHSA-35rg-466w-77h3","PYSEC-2021-79"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7nt-b3s9-9kf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35802?format=json","vulnerability_id":"VCID-r52t-hx1j-ufa1","summary":"Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33508","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50859","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50892","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50876","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50906","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50926","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50921","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33508"},{"reference_url":"https://github.com/advisories/GHSA-rmpv-rcp6-v8wc","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rmpv-rcp6-v8wc"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-80.yaml"},{"reference_url":"https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33508","reference_id":"CVE-2021-33508","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33508"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33508","GHSA-rmpv-rcp6-v8wc","PYSEC-2021-80"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r52t-hx1j-ufa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47196?format=json","vulnerability_id":"VCID-th3f-wx1q-eba5","summary":"Phone information disclosure vulnerability\nDue to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22889","reference_id":"","reference_type":"","scores":[{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68477","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.6848","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68461","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68476","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68484","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22889"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22889","reference_id":"CVE-2024-22889","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22889"},{"reference_url":"https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9","reference_id":"CVE-2024-22889-PLONE-V6.0.9","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:30:42Z/"}],"url":"https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9"},{"reference_url":"https://github.com/advisories/GHSA-xg5p-8wg5-rhxm","reference_id":"GHSA-xg5p-8wg5-rhxm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xg5p-8wg5-rhxm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/724418?format=json","purl":"pkg:pypi/plone@6.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@6.0.10"}],"aliases":["CVE-2024-22889","GHSA-xg5p-8wg5-rhxm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-th3f-wx1q-eba5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35803?format=json","vulnerability_id":"VCID-x2xm-hpc2-uubq","summary":"Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33509","reference_id":"","reference_type":"","scores":[{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.75182","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.7522","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.75193","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.75207","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.75215","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.75211","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33509"},{"reference_url":"https://github.com/advisories/GHSA-hm2p-fhwx-9285","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm2p-fhwx-9285"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml"},{"reference_url":"https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/22/1","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/22/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33509","reference_id":"CVE-2021-33509","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33509"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33509","GHSA-hm2p-fhwx-9285","PYSEC-2021-81"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2xm-hpc2-uubq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36381?format=json","vulnerability_id":"VCID-z4jt-v88h-77er","summary":"An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33926","reference_id":"","reference_type":"","scores":[{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66416","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66412","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66394","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66408","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66424","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66376","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33926"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml"},{"reference_url":"https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/"}],"url":"https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf"},{"reference_url":"https://plone.org/security/hotfix/20210518","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/"}],"url":"https://plone.org/security/hotfix/20210518"},{"reference_url":"https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-19T14:12:55Z/"}],"url":"https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33926","reference_id":"CVE-2021-33926","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33926"},{"reference_url":"https://github.com/advisories/GHSA-47p5-p3jw-w78w","reference_id":"GHSA-47p5-p3jw-w78w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47p5-p3jw-w78w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22026?format=json","purl":"pkg:pypi/plone@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-th3f-wx1q-eba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5"}],"aliases":["CVE-2021-33926","GHSA-47p5-p3jw-w78w","PYSEC-2023-289"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4jt-v88h-77er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35029?format=json","vulnerability_id":"VCID-zwnj-revc-vbd6","summary":"Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4041","reference_id":"","reference_type":"","scores":[{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62801","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62829","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62844","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62853","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62845","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4041"},{"reference_url":"https://github.com/plone/Plone","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plone/Plone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4041","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4041"},{"reference_url":"https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/04/20/1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/04/20/1"},{"reference_url":"https://github.com/advisories/GHSA-qqgj-22gr-73vx","reference_id":"GHSA-qqgj-22gr-73vx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqgj-22gr-73vx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9622?format=json","purl":"pkg:pypi/plone@5.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w2-gd3m-2qff"},{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-5n6e-cha8-nyb8"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-ay85-551m-vfej"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-hhux-xufk-ube2"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-jvvz-bafs-t7gc"},{"vulnerability":"VCID-mn7t-zgfw-tqfw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-pzke-4by2-w3hk"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-yfkz-3xu3-vyc9"},{"vulnerability":"VCID-z4jt-v88h-77er"},{"vulnerability":"VCID-zwnj-revc-vbd6"},{"vulnerability":"VCID-zy2g-gzmk-1qcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/9714?format=json","purl":"pkg:pypi/plone@5.1a2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f3t-a46p-13ca"},{"vulnerability":"VCID-29gf-82fr-k3h8"},{"vulnerability":"VCID-4ttq-tacy-4ugg"},{"vulnerability":"VCID-5ry7-xy6b-5fag"},{"vulnerability":"VCID-6568-4ert-1bau"},{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-8rp3-p3qe-x7ej"},{"vulnerability":"VCID-8v5e-zud2-g7em"},{"vulnerability":"VCID-8wkk-84ky-17ak"},{"vulnerability":"VCID-951j-w95x-83g8"},{"vulnerability":"VCID-9gu8-dgkr-sua3"},{"vulnerability":"VCID-ax8a-2g7j-6ya2"},{"vulnerability":"VCID-basq-jjsf-3fbd"},{"vulnerability":"VCID-bmwk-nutp-r3fs"},{"vulnerability":"VCID-d42u-s7za-a3ad"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-edq7-7ncc-mbfx"},{"vulnerability":"VCID-eu4z-htaq-c3d6"},{"vulnerability":"VCID-exan-4j3e-2qeh"},{"vulnerability":"VCID-fdpc-runu-ekah"},{"vulnerability":"VCID-j8fv-uhxw-jkcw"},{"vulnerability":"VCID-p71t-er3d-9fdn"},{"vulnerability":"VCID-q7nt-b3s9-9kf6"},{"vulnerability":"VCID-r52t-hx1j-ufa1"},{"vulnerability":"VCID-th3f-wx1q-eba5"},{"vulnerability":"VCID-x2xm-hpc2-uubq"},{"vulnerability":"VCID-z4jt-v88h-77er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2"}],"aliases":["CVE-2016-4041","GHSA-qqgj-22gr-73vx","PYSEC-2017-55"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwnj-revc-vbd6"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.13"}