Lucene search
Veracode Vulnerability DatabaseVERACODE:28877HistoryJan 01, 2021 - 6:46 a.m.
XML External Entity (XXE)
2021-01-0106:46:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
24
0.003 Low
EPSS
Percentile
68.5%
plone_supermodel is vulnerable to XML external entity (XXE) attacks. The vulnerability exists due to an unapplied permission which would allow an attacker with Manager role to perform XXE attacks and submit requests on behalf of the server and access restricted internal or local resources.
| CPE | Name | Operator | Version |
|---|---|---|---|
| plone.supermodel | le | 1.6.2 |
Related
cve
cve
CVE-2020-28736
2020-12-30 19:15:13
osv
osv
CVE-2020-28736
2020-12-30 19:15:13
PYSEC-2020-248
2020-12-30 19:15:00
Improper Restriction of XML External Entity Reference in Plone
2021-04-07 21:14:00
nvd
nvd
CVE-2020-28736
2020-12-30 19:15:13
github
github
Improper Restriction of XML External Entity Reference in Plone
2021-04-07 21:14:00
prion
prion
Design/Logic Flaw
2020-12-30 19:15:00
cvelist
cvelist
CVE-2020-28736
2020-12-30 18:40:52
openvas
openvas
Plone CMS < 5.2.3 Multiple Vulnerabilities
2021-01-15 00:00:00