Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Products.CMFCore(PyPI) | 0 | 2.5.1 | N/A |
| Products.PluggableAuthService(PyPI) | 0 | 2.6.2 | N/A |
| Plone(PyPI) | 0 | N/A | N/A |
CVSS Metrics
