PYSEC-2021-79

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-79.yaml

Aliases

Published

2021-05-21T22:15:00Z

Modified

2023-11-08T04:06:04.891546Z

Details

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.

References

Affected packages

PyPI / plone

Package

Name: plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

5.2.5

Affected versions

3.*

3.2a1

3.2rc1

3.2

3.2.1

3.2.2

3.2.3

3.3b1

3.3rc1

3.3rc2

3.3rc3

3.3rc4

3.3rc5

3.3

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

4.*

4.0a1

4.0a2

4.0a3

4.0a4

4.0a5

4.0b1

4.0b2

4.0b3

4.0b4

4.0b5

4.0rc1

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc2

4.1rc3

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.2rc2

4.2

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3a1

4.3a2

4.3b1

4.3b2

4.3rc1

4.3

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.3.12

4.3.13

4.3.14

4.3.15

4.3.16

4.3.17

4.3.18

4.3.19

4.3.20

5.*

5.0a1

5.0a2

5.0a3

5.0b1

5.0b2

5.0b3

5.0b4

5.0rc1

5.0rc2

5.0rc3

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4