Vulmon
plone plone vulnerabilities and exploits
3.5
CVSSv2
CVE-2021-33512
Plone up to and including 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
Plone Plone
3.5
CVSSv2
CVE-2021-33508
Plone up to and including 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
Plone Plone
3.5
CVSSv2
CVE-2021-33513
Plone up to and including 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
Plone Plone
3.5
CVSSv2
CVE-2021-3313
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable c...
Plone Plone
3.5
CVSSv2
CVE-2021-29002
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
Plone Plone 5.2.3
1 GitHub repository
3.5
CVSSv2
CVE-2020-7937
An XSS issue in the title field in Plone 5.0 up to and including 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
Plone Plone
3.5
CVSSv2
CVE-2017-1000482
A member of the Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page.
Plone Plone
Plone Plone 5.1
3.5
CVSSv2
CVE-2016-4043
Chameleon (five.pt) in Plone 5.0rc1 up to and including 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.
Plone Plone 5.0
Plone Plone 5.0.2
Plone Plone 5.0.3
Plone Plone 5.0.4
Plone Plone 5.1a1
Plone Plone 5.0.1
3.5
CVSSv2
CVE-2012-5502
Cross-site scripting (XSS) vulnerability in safe_html.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
Plone Plone 4.1.6
Plone Plone 4.1.5
Plone Plone 4.1.4
Plone Plone 4.1
Plone Plone 3.2.3
Plone Plone 3.2.2
Plone Plone 3.2.1
Plone Plone 3.2
Plone Plone 3.0.1
Plone Plone 3.0
Plone Plone 2.5.5
Plone Plone 2.5.4
Plone Plone 2.0.2
Plone Plone 2.0.1
Plone Plone 2.0
Plone Plone 1.0.6
Plone Plone 1.0.5
Plone Plone 4.2.0.1
Plone Plone 4.2
Plone Plone 4.0.1
Plone Plone 4.0
Plone Plone 3.3.5
3.5
CVSSv2
CVE-2013-4199
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 up to and including 4.1, 4.2.x up to and including 4.2.5, and 4.3.x up to and including 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (de...
Plone Plone 4.2
Plone Plone 4.2.1
Plone Plone 4.2.2
Plone Plone 4.2.4
Plone Plone 4.2.3
Plone Plone 4.2.5
Plone Plone 4.3
Plone Plone 4.3.1
Plone Plone 4.0.6.1
Plone Plone 4.1
Plone Plone 3.0
Plone Plone 3.0.1
Plone Plone 3.1.7
Plone Plone 3.2
Plone Plone 3.2.1
Plone Plone 3.2.2
Plone Plone 3.2.3
Plone Plone 2.1
Plone Plone 2.1.1
Plone Plone 2.1.2
Plone Plone 2.1.3
Plone Plone 4.0.1