20210518
Issues fixed
Remote Code Execution via traversal in expressions with aliases
Remote Code Execution via traversal in expressions part 2
Writing arbitrary files via docutils and Python Script
Information disclosures: mostly installation logs
Stored XSS from file upload (svg, html)
Reflected XSS in various spots
XSS vulnerability in CMFDiffTool
Stored XSS from user fullname
Blind SSRF via feedparser accessing an internal URL
Server Side Request Forgery via event ical URL
Server Side Request Forgery via lxml parser
Stored XSS in folder contents
Remote Code Execution via Python Scripts