CVE-2020-28736
HIGH WAF: High
CVSS 8.8
Published: 2020-12-30
CWE-611
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| plone | plone | up to 5.2.3 |
References
- dist.plone.org (Release Notes, Vendor Advisory)
- github.com (Patch, Third Party Advisory)
- www.misakikata.com (Broken Link)