14 matches found
CVE-2021-33511
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
EUVD-2021-0193
Malware in sbrugna...
Scrapy security vulnerability
Scrapy is a free and open source web crawler framework written in Python. A security vulnerability exists in Scrapy that stems from the use of lxml.etree.fromstring to parse untrusted XML data without proper validation, allowing an attacker to perform a denial-of-service attack, access a local...
XML External Entity (XXE) Injection
pywps is vulnerable to XML External Entity (XXE) injection. An attacker is able to view files on the application server filesystem as the lxml default parser allows assigning a path to the entity...
Server-Side Request Forgery in Plone
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
Plone server-side request forgery vulnerability
Plone is the Plone Foundation's open source content management system running on the Zope application server. A server-side request forgery vulnerability exists in Plone 5.2.4 and earlier versions. An attacker can exploit this vulnerability to initiate a server-side request using the lxml parser...
Server Side Request Forgery
Plone is vulnerable to server-side request forgery. An attacker is able to submit requests on behalf of the server via the lxml parser...
CVE-2021-33511
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
CVE-2021-33511
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
PYSEC-2021-83
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
CVE-2021-33511
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
CVE-2021-33511
CVE-2021-33511: Plone (
Plone code issue vulnerability
Plone is the Plone Foundation's open source content management system running on the Zope application server. A server-side request forgery vulnerability exists in Plone 5.2.4 and earlier versions. An attacker can exploit this vulnerability to initiate a server-side request using the lxml parser...
XML External Entity (XXE)
petl is vulnerable to XML External Entity (XXE) injection. The vulnerability exists because external entities were not disabled by default in the default lxml parser...