plone_supermodel is vulnerable to XML external entity (XXE) attacks. The vulnerability exists due to an unapplied permission which would allow an attacker with Manager role to perform XXE attacks and submit requests on behalf of the server and access restricted internal or local resources.
CPE | Name | Operator | Version |
---|---|---|---|
plone.supermodel | le | 1.6.2 |