Loading
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
Use CWE-611, Plone vendor hub and Plone product page to widen CVE-2020-28734 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2021-33509, CVE-2021-33926 and CVE-2024-22889 for nearby disclosures in the same product family.