Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone

🗓️ 18 Jun 2021 18:50:44Reported by GitHub Advisory DatabaseType

Reflected XSS in Products.CMFCore and Products.PluggableAuthService

Reporter	Title	Published	Views	Family All 9
Veracode	Cross-site Scripting (XSS)	24 May 202105:09	–	veracode
NVD	CVE-2021-33507	21 May 202122:15	–	nvd
Prion	Cross site scripting	21 May 202122:15	–	prion
OSV	PYSEC-2021-79	21 May 202122:15	–	osv
OSV	Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone	18 Jun 202118:44	–	osv
OSV	CVE-2021-33507	21 May 202122:15	–	osv
CVE	CVE-2021-33507	21 May 202122:15	–	cve
Cvelist	CVE-2021-33507	21 May 202121:33	–	cvelist
OpenVAS	Plone CMS <= 5.2.4 Multiple Vulnerabilities	27 May 202100:00	–	openvas

Vulners

Node

plone ploneRange≤5.2.4

zope products.pluggableauthserviceRange<2.6.2

zope products.cmfcoreRange<2.5.1

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-33507
plone	www.plone.org/security/hotfix/20210518/reflected-xss-in-various-spots
openwall	www.openwall.com/lists/oss-security/2021/05/22/1
github	www.github.com/advisories/GHSA-35rg-466w-77h3
github	www.github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-79.yaml

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Jun 2021 18:44Current

1.8Low risk

Vulners AI Score1.8

CVSS24.3

CVSS36.1

EPSS0.00474

CWE-79