Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plone plone 2.1 vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2022-23599
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the ...
Plone Plone
4.3
CVSSv2
CVE-2012-5500
The batch id change script (renameObjectsByPaths.py) in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to change the titles of content items by leveraging a valid CSRF token in a crafted request.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
Plone Plone 2.0.3
Plone Plone 1.0.4
Plone Plone 3.3.2
5
CVSSv2
CVE-2012-5508
The error pages in Plone prior to 4.2.3 and 4.3 before beta 1 allow remote malicious users to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 ...
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
Plone Plone 2.0.3
Plone Plone 1.0.4
Plone Plone 3.3.2
5
CVSSv2
CVE-2012-6661
Zope prior to 2.13.19, as used in Plone prior to 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote malicious users to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due ...
Plone Plone 4.1.4
Plone Plone 4.0.6.1
Plone Plone 3.3.5
Plone Plone 3.3.3
Plone Plone 3.2.2
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 3.0.6
Plone Plone 2.5.5
Plone Plone 2.5.3
Plone Plone 2.1.3
Plone Plone 2.1.1
Plone Plone 2.0
Plone Plone 1.0.5
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3
Plone Plone 4.0.2
Plone Plone 4.0.1
Plone Plone 3.1.6
Plone Plone 3.1.5.1
Plone Plone 3.1.4
6.4
CVSSv2
CVE-2012-5486
ZPublisher.HTTPRequest._scrubHeader in Zope 2 prior to 2.13.19, as used in Plone prior to 4.3 beta 1, allows remote malicious users to inject arbitrary HTTP headers via a linefeed (LF) character.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.2
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 4.2.0.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 4.2.1.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
4.3
CVSSv2
CVE-2012-5490
Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Plone Plone
Plone Plone 4.2.1
Plone Plone 4.2.1.1
Plone Plone 4.2.0.1
Plone Plone 4.0.4
Plone Plone 4.0.3
Plone Plone 4.0.2
Plone Plone 4.0.1
Plone Plone 3.1.5.1
Plone Plone 3.1.4
Plone Plone 3.1.3
Plone Plone 3.1.2
Plone Plone 2.5.2
Plone Plone 2.5.1
Plone Plone 2.5
Plone Plone 2.1.4
Plone Plone 1.0.3
Plone Plone 1.0.2
Plone Plone 1.0.1
Plone Plone 1.0
Plone Plone 4.2
Plone Plone 4.1.6
5
CVSSv2
CVE-2012-5492
uid_catalog.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to obtain metadata about hidden objects via a crafted URL.
Plone Plone 4.2
Plone Plone 4.0
Plone Plone 3.3.5
Plone Plone 3.3.4
Plone Plone 3.3.3
Plone Plone 3.1.1
Plone Plone 3.1
Plone Plone 3.0.6
Plone Plone 3.0.5
Plone Plone 2.1.2
Plone Plone 2.1.1
Plone Plone 2.1
Plone Plone 2.0.5
Plone Plone 4.3
Plone Plone 4.1.4
Plone Plone 4.1
Plone Plone 4.0.6.1
Plone Plone 4.0.5
Plone Plone 3.2.1
Plone Plone 3.2
Plone Plone 3.1.7
Plone Plone 3.1.6
5
CVSSv2
CVE-2012-5495
python_scripts.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to execute Python code via a crafted URL, related to "go_back."
Plone Plone 4.2
Plone Plone 3.3.3
Plone Plone 3.3.2
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.0.6
Plone Plone 3.0.5
Plone Plone 3.0.4
Plone Plone 3.0.3
Plone Plone 2.1
Plone Plone 2.0.5
Plone Plone 2.0.4
Plone Plone 2.0.3
Plone Plone 4.1.6
Plone Plone 4.1.4
Plone Plone 4.0.1
Plone Plone 3.3.5
Plone Plone 3.2.2
Plone Plone 3.2
Plone Plone 3.1.3
Plone Plone 3.1.1
Plone Plone 3.0.1
5
CVSSv2
CVE-2012-5501
at_download.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
Plone Plone 4.3
Plone Plone
Plone Plone 4.2.1
Plone Plone 4.2.1.1
Plone Plone 4.2.0.1
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3
Plone Plone 4.0.2
Plone Plone 3.1.6
Plone Plone 3.1.5.1
Plone Plone 3.1.4
Plone Plone 3.1.3
Plone Plone 2.5.3
Plone Plone 2.5.2
Plone Plone 2.5.1
Plone Plone 2.5
Plone Plone 2.1.4
Plone Plone 1.0.4
Plone Plone 1.0.3
Plone Plone 1.0.2
Plone Plone 1.0.1
5
CVSSv2
CVE-2012-5503
ftp.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to read hidden folder contents via unspecified vectors.
Plone Plone 4.2
Plone Plone 4.1.6
Plone Plone 4.1.5
Plone Plone 4.1.4
Plone Plone 3.3
Plone Plone 3.2.3
Plone Plone
Plone Plone 4.1
Plone Plone 4.0.5
Plone Plone 3.3.4
Plone Plone 3.3.2
Plone Plone 3.1.7
Plone Plone 3.1.5.1
Plone Plone 3.1
Plone Plone 3.0.5
Plone Plone 2.5.4
Plone Plone 2.5.2
Plone Plone 2.1
Plone Plone 2.0.4
Plone Plone 1.0.6
Plone Plone 1.0.4
Plone Plone 3.2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »