EPSS
Percentile
64.8%
plone is vulnerable to cross-site scripting (XSS). It is possible to perform a reflected XSS via the ZMI (manage_findResult). This vulnerability exists because of an incomplete fix for CVE-2016-7140.
manage_findResult
plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2
www.curesec.com/blog/article/blog/Plone-XSS-186.html