3 matches found
CVE-2020-28734
creationtimestamp| type| source ---|---|--- 2026-07-07 20:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq3hhejvq42k...
plone-app-z3cform (>=4.0.0a1 <=4.0.0a10) potentially affected by CVE-2020-28734 via plone-app-dexterity (=2.5.2)
plone-app-dexterity PYPI version =2.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-dexterity and may be impacted: - plone-app-z3cform =4.0.0a1, =4.0.0a10 Source cves: CVE-2020-28734 Source advisory: OSV:GHSA-WQ6X-G685-W5F2...
CVE-2020-28734
Plone before 5.2.3 is vulnerable to an XML External Entity (XXE) attack via a feature limited to the Manager role. The CVE entry (CVE-2020-28734) is corroborated by multiple connected sources (Red Hat, OSV, CNVD, GHSA, NVD, and OpenVAS entries) indicating an XXE issue that affects Plone versions ...