CVE-2020-28734
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-28734
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28734.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-28734
- Aliases
- Published
- 2020-12-30T19:15:13Z
- Modified
- 2024-10-12T06:29:19.005595Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
- References
Affected packages
Git / github.com/plone/plone
Affected ranges
- Type
- GIT
- Repo
- https://github.com/plone/plone
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.1.0
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc1
4.1rc2
4.1rc3
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.3
4.3.1
4.3a1
4.3a2
4.3b1
4.3b2
5.*
5.0
5.0.1
5.0.2
5.0a2
5.0a3
5.0b1
5.0b3
5.0b4
5.0rc1
5.0rc2
5.0rc3
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1a1
5.1a2
5.1b1
5.1b2
5.1b3
5.1b4
5.1rc1
5.1rc2
5.2.0
5.2.1
5.2.2
5.2a1
5.2a2
5.2b1
5.2rc1
5.2rc2
5.2rc3
5.2rc4
5.2rc5