CVE-2020-28736

Published December 30th, 2020

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).

plone/Products.CMFPlone

The core of the Plone content management system

GitHub

307