Description

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.

Remediation

References

CVE-2021-33507

Related Vulnerabilities

Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-14888)

Joomla! Core 3.x.x Security Bypass (3.8.13 - 3.9.6)

Drupal Core 8.8.x Cross-Site Request Forgery (8.8.0 - 8.8.7)

WordPress Plugin WP Easy Slideshow Multiple Cross-Site Request Forgery Vulnerabilities (1.0.3)

WordPress Plugin Essential Addons for Elementor Server-Side Request Forgery (2.9.8)

Severity

Medium

Classification

CVE-2021-33507 CWE-707

Tags

Missing Update Known Vulnerabilities