Plone · Plone · CVE-2021-33513
**Name of the Vulnerable Software and Affected Versions**
Plone versions through 5.2.4
**Description**
The issue allows cross-site scripting (XSS) attacks via the `inline diff` methods in `Products.CMFDiffTool`. This can potentially lead to malicious script execution on the client side.
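The general pattern behind XSS in an inline diff view, shown next to the escaped form. This is an added illustration, not code from `Products.CMFDiffTool` or Plone: the function names and the sample revisions are constructed, and the actual flaw in CMFDiffTool may differ in detail.

```python
import difflib
import html


def _render(old, new, escape):
    """Word-level inline diff; `escape` is applied to every text fragment."""
    a, b = old.split(), new.split()
    out = []
    matcher = difflib.SequenceMatcher(None, a, b)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            out.append(escape(" ".join(a[i1:i2])))
        if tag in ("delete", "replace"):
            out.append("<del>%s</del>" % escape(" ".join(a[i1:i2])))
        if tag in ("insert", "replace"):
            out.append("<ins>%s</ins>" % escape(" ".join(b[j1:j2])))
    return " ".join(out)


def inline_diff_unsafe(old, new):
    """Weak pattern: revision text is copied into the markup unescaped."""
    return _render(old, new, escape=lambda s: s)


def inline_diff_safe(old, new):
    """Hardened pattern: text is HTML-escaped before it is wrapped in tags."""
    return _render(old, new, escape=html.escape)


# Constructed sample revisions of a content field (not real data).
OLD = "Meeting notes for Tuesday"
NEW = "Meeting notes for <img src=x onerror=alert(1)> Tuesday"

if __name__ == "__main__":
    # The unsafe output carries a live tag inside <ins>; the safe one is inert text.
    print(inline_diff_unsafe(OLD, NEW))
    print(inline_diff_safe(OLD, NEW))
```

The only markup in the safe output is the `<ins>`/`<del>` wrappers produced by the renderer itself; everything that came from a stored revision is rendered as text.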
**Recommendations**
For Plone versions through 5.2.4, consider disabling the `inline diff` methods in `Products.CMFDiffTool` as a temporary workaround until a patch is available. Restrict access to the affected `Products.CMFDiffTool` module to minimize the risk of exploitation.