Description

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).

Remediation

References

CVE-2020-28735

Related Vulnerabilities

Joomla Other Vulnerability (CVE-2006-1028)

WordPress Plugin Zephyr Project Manager Cross-Site Scripting (3.2.40)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7330)

WordPress Plugin Station Pro Cross-Site Scripting (2.2.1)

WordPress Plugin Redux Framework Cross-Site Request Forgery (4.1.20)

Severity

High

Classification

CVE-2020-28735 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities