Vulnerabilities > Plone > Plone > 5.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-23 | CVE-2020-7937 | Cross-site Scripting vulnerability in Plone An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. | 3.5 |
2020-01-23 | CVE-2020-7936 | Open Redirect vulnerability in Plone An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. | 5.8 |