Vulnerabilities > Plone > Plone > 4.3.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-08 | CVE-2021-21336 | Information Exposure vulnerability in multiple products Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. | 4.0 |
| 2020-12-30 | CVE-2020-28736 | XXE vulnerability in Plone Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | 6.5 |
| 2020-12-30 | CVE-2020-28735 | Server-Side Request Forgery (SSRF) vulnerability in Plone Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | 6.5 |
| 2020-12-30 | CVE-2020-28734 | XXE vulnerability in Plone Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | 6.5 |
| 2020-01-23 | CVE-2020-7941 | Improper Privilege Management vulnerability in Plone A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | 7.5 |