Plone <= 5.2.4 Multiple Vulnerabilities

Information

- Severity: High
- Family: Web application abuses
- CVSSv2 Base: 8.5
- CVSSv2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
- Solution Type: Vendor Patch
- Created: 2 years ago
- Modified: 2 years ago

Summary

Plone is prone to multiple vulnerabilities.

Insight

The following vulnerabilities exist:

- CVE-2021-3313, CVE-2021-33508: Stored XSS from user fullname
- CVE-2021-21360, CVE-2021-21336: Various information disclosures
- CVE-2021-32633: Remote Code Execution via traversal in expressions
- CVE-2021-33507: Reflected XSS in various spots
- CVE-2021-33509: Writing arbitrary files via docutils and Python Script
- CVE-2021-33510: Server Side Request Forgery via event ical URL
- CVE-2021-33511: Server Side Request Forgery via lxml parser
- CVE-2021-33512: Reflected XSS in various spots
- CVE-2021-33513: Stored XSS from user fullname

Affected Software

Plone through version 5.2.4.

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Install the provided Hotfix.