Improper Neutralization of Input During Web Page Generation
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
Advisories for Pypi/Products.PluggableAuthService package
2021
URL Redirection to Untrusted Site (Open Redirect)
In Products.PluggableAuthService there is an open redirect vulnerability.
Information Exposure
In Products.PluggableAuthService, there is an information disclosure vulnerability