CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Github Security Blog•added 2021/04/07 9:13 p.m.•47 views

SSRF attacks via tracebacks in Plone

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature only available to the Manager role...

8.8CVSS8.3AI score0.00484EPSS

Exploits0References6Affected Software5

OSV•added 2020/12/30 7:15 p.m.•10 views

CVE-2020-28734

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...

8.8CVSS7AI score

Exploits0References3

Prion•added 2020/12/30 7:15 p.m.•17 views

Design/Logic Flaw

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...

6.5CVSS8.5AI score0.00484EPSS

Exploits0References3Affected Software1

OSV•added 2020/12/30 7:15 p.m.•15 views

PYSEC-2020-248

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata therefore, only available to the Manager role...

8.8CVSS4.2AI score0.00484EPSS

Exploits0References4

CVE•added 2020/12/30 6:40 p.m.•80 views

CVE-2020-28736

CVE-2020-28736 affects Plone prior to 5.2.3. A XXE vulnerability exists in a feature protected by the unapplied permission plone.schemaeditor.ManageSchemata, making it accessible only to the Manager role. This leads to XML External Entity attacks that could impact confidentiality, integrity, and ...

8.8CVSS8.4AI score0.00484EPSS

Exploits0References3Affected Software1