CVE-2021-33512

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-33512

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33512.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-33512

Aliases

Published

2021-05-21T22:15:08.630Z

Modified

2025-11-20T11:44:57.765780Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.

References

Affected packages

Git / github.com/plone/plone

Affected ranges

Type: GIT
Repo: https://github.com/plone/plone
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d5b50de9c17faac5051d06141bd12cd3e40af8e8

Affected versions

4.*

4.1.0

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc1

4.1rc2

4.1rc3

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.3

4.3.1

4.3a1

4.3a2

4.3b1

4.3b2

5.*

5.0

5.0.1

5.0.2

5.0a2

5.0a3

5.0b1

5.0b3

5.0b4

5.0rc1

5.0rc2

5.0rc3

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33512.json"