PyPI package
products.pluggableauthservice
pkg:pypi/products.pluggableauthservice
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-33507 | — | | | < 2.6.2 | 2.6.2 | May 21, 2021 | Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. |
| CVE-2021-21337 | — | | | < 2.6.1 | 2.6.1 | Mar 8, 2021 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the bro |
| CVE-2021-21336 | — | | | < 2.6.0 | 2.6.0 | Mar 8, 2021 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if t |