CVE-2021-33507

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-33507

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33507.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-33507

Aliases

Published

2021-05-21T22:15:08.470Z

Modified

2026-04-10T04:33:52.364888Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.

References

Affected packages

Git / github.com/plone/plone

Affected ranges

Type

GIT

Repo

https://github.com/plone/plone

Events

Introduced

Last affected

3e89ee5f870a3d25b49e7e6ebdb27990875cae63

Introduced

c4244a4887e0901a1c17b3ee60e1cfbe19ee46c5

Last affected

d5b50de9c17faac5051d06141bd12cd3e40af8e8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.20"
        },
        {
            "introduced": "5.0"
        },
        {
            "last_affected": "5.2.4"
        }
    ]
}

Affected versions

4.*

4.1.0

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc1

4.1rc2

4.1rc3

4.2a1

4.2a2

4.2b1

4.2b2

4.3

4.3.1

4.3.10

4.3.11

4.3.12

4.3.13

4.3.14

4.3.15

4.3.16

4.3.17

4.3.18

4.3.19

4.3.2

4.3.20

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3a1

4.3a2

4.3b1

4.3b2

5.*

5.0

5.0.1

5.0.2

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33507.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.5.1"
            }
        ]
    }
]