CVE-2020-28734

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.

Date published : 2020-12-30

https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt

https://github.com/plone/Products.CMFPlone/issues/3209