Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33926)

Description

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.

Remediation

References

Related Vulnerabilities

WordPress 3.8.x Cross-Domain Flash Injection Vulnerability (3.8 - 3.8.24)

WordPress Plugin Eu Cookie Notice Cross-Site Request Forgery (1.0.6)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.73)

Joomla Improper Input Validation Vulnerability (CVE-2016-8869)

Atlassian Jira Uncontrolled Search Path Element Vulnerability (CVE-2019-20400)

Severity

High

Classification

CVE-2021-33926 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities