
6 matches found

Github Security Blog
added 2021/04/07 9:14 p.m. | 53 views

Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role)...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.01066
Exploits: 0 | References: 6 | Affected Software: 5
Veracode
added 2021/01/01 6:46 a.m. | 36 views

XML External Entity (XXE)

plonesupermodel is vulnerable to XML external entity (XXE) attacks. The vulnerability exists due to an unapplied permission, which would allow an attacker with the Manager role to perform XXE attacks, submit requests on behalf of the server, and access restricted internal or local resources...

CVSS: 8.8 | AI score: 2.9 | EPSS: 0.01066
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2020/12/30 7:15 p.m. | 15 views

CVE-2020-28736

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role)...

CVSS: 8.8 | AI score: 7
Exploits: 0 | References: 3
Prion
added 2020/12/30 7:15 p.m. | 16 views

Design/Logic Flaw

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role)...

CVSS: 6.5 | AI score: 8.5 | EPSS: 0.01066
Exploits: 0 | References: 3 | Affected Software: 1
PyPA
added 2020/12/30 7:15 p.m. | 5 views

PYSEC-2020-248

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role)...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.01066
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2020/12/30 7:15 p.m. | 21 views

PYSEC-2020-248

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role)...

CVSS: 8.8 | AI score: 4.2 | EPSS: 0.01066
Exploits: 0 | References: 4