Description
Plone before 5.2.3 allows XXE attacks via a feature that is guarded by the plone.schemaeditor.ManageSchemata permission; that permission is unapplied, so the feature is available only to the Manager role.
Remediation
Upgrade Plone to 5.2.3 or later, the first version the description identifies as unaffected.
References
Related Vulnerabilities
MySQL CVE-2021-2065 Vulnerability (CVE-2021-2065)
MySQL CVE-2014-6478 Vulnerability (CVE-2014-6478)
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7566)
WordPress Plugin Auto Prune Posts Cross-Site Request Forgery (1.8.0)
Jenkins Improper Input Validation Vulnerability (CVE-2018-1999001)