CVE-2021-33507: Cross-site Scripting

May 21, 2021 (updated May 27, 2021)

Zope Products.CMFCore and Products.PluggableAuthService, as used in Plone and other products, allow Reflected XSS.

References

nvd.nist.gov/vuln/detail/CVE-2021-33507
plone.org/security/hotfix/20210518/reflected-xss-in-various-spots

Detect and mitigate CVE-2021-33507 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →