Description
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.

Remediation

References
CVE-2020-28734

Related Vulnerabilities
PHP Other Vulnerability (CVE-1999-0058)
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20506)
WordPress 4.7.x Cross-Domain Flash Injection Vulnerability (4.7 - 4.7.8)
WordPress Plugin Xhanch-My Twitter Multiple Cross-Site Request Forgery Vulnerabilities (2.7.7)
WordPress Plugin WooCommerce BuddyPress Integration Unspecified Vulnerability (3.2.6.1)

Severity
High

Classification
CVE-2020-28734
CWE-611
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags
Missing Update
Known Vulnerabilities