Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plone vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-33512
Plone up to and including 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
Plone Plone
578
VMScore
CVE-2021-32633
Zope is an open-source web application server. In Zope versions before 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the...
Plone Plone
Zope Zope
312
VMScore
CVE-2021-3313
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable c...
Plone Plone
312
VMScore
CVE-2021-29002
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
Plone Plone 5.2.3
1 Github repository
445
VMScore
CVE-2021-21360
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files gener...
Zope Products.genericsetup
356
VMScore
CVE-2021-21336
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if t...
Zope Products.pluggableauthservice
Plone Plone
578
VMScore
CVE-2020-28734
Plone prior to 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
Plone Plone
578
VMScore
CVE-2020-28735
Plone prior to 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
Plone Plone
578
VMScore
CVE-2020-28736
Plone prior to 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
Plone Plone
890
VMScore
CVE-2020-35190
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root access with a b...
Plone Plone
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »