The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-58.yaml"