Vulmon
plone plone vulnerabilities and exploits
CVE-2020-7939 (CVSSv3 8.8)
SQL Injection in DTML or in connection objects in Plone 4.0 up to and including 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
Affected: Plone Plone
CVE-2020-7938 (CVSSv3 8.8)
plone.restapi in Plone 5.2.0 up to and including 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.
Affected: Plone Plone
CVE-2015-7293 (CVSSv3 8.8)
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and previous versions, and Plone prior to 5.x.
Affected: Plone Plone 3.3, 3.3.1, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.9, 4.0.10, 4.1, 4.1.1, 4.1.6, 4.2, 4.2.1, 4.2.2, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.8, 4.3.9, 4.3.10, 4.3.11
1 EDB exploit
CVE-2024-23756 (CVSSv3 7.5)
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated malicious users to execute dangerous actions such as uploading files to the server or deleting them.
Affected: Plone Plone 5.2.13
CVE-2023-42457 (CVSSv3 7.5)
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the ...
Affected: Plone Rest 2.0.0, Plone Rest 3.0.0
CVE-2023-36814 (CVSSv3 7.5)
Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. Th...
Affected: Zope Products.cmfcore
CVE-2022-24740 (CVSSv3 7.5)
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user...
Affected: Plone Volto, Plone Volto 14.0.0, Plone Volto 15.0.0
CVE-2021-33511 (CVSSv3 7.5)
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
Affected: Plone Plone
CVE-2020-7940 (CVSSv3 7.5)
Missing password strength checks on some forms in Plone 4.3 up to and including 5.2.0 allow users to set weak passwords, leading to easier cracking.
Affected: Plone Plone
CVE-2015-7318 (CVSSv3 7.5)
Plone 3.3.0 up to and including 3.3.6 allows remote malicious users to inject headers into HTTP responses.
Affected: Plone Plone 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6