Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plone vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2020-7936
An open redirect on the login form (and possibly other places) in Plone 4.0 up to and including 5.2.1 allows an malicious user to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
Plone Plone
6.5
CVSSv2
CVE-2020-7939
SQL Injection in DTML or in connection objects in Plone 4.0 up to and including 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
Plone Plone
7.5
CVSSv2
CVE-2020-7941
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 up to and including 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
Plone Plone
6.5
CVSSv2
CVE-2020-7938
plone.restapi in Plone 5.2.0 up to and including 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.
Plone Plone
3.5
CVSSv2
CVE-2020-7937
An XSS issue in the title field in Plone 5.0 up to and including 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
Plone Plone
5
CVSSv2
CVE-2020-7940
Missing password strength checks on some forms in Plone 4.3 up to and including 5.2.0 allow users to set weak passwords, leading to easier cracking.
Plone Plone
4.3
CVSSv2
CVE-2013-7062
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x up to and including 3.3.6, 4.0.x up to and including 4.0.9, 4.1.x up to and including 4.1.6, 4.2.x up to and including 4.2.7, and 4.3 up to and including 4.3.2, allow remote malicious users to inj...
Plone Plone
5.8
CVSSv2
CVE-2017-1000484
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to t...
Plone Plone 5.1
Plone Plone 5.0.9
Plone Plone 5.0.8
Plone Plone 4.3.9
Plone Plone 4.3.8
Plone Plone 4.3.7
Plone Plone 4.3.6
Plone Plone 4.2
Plone Plone 4.1.6
Plone Plone 4.1.5
Plone Plone 4.1.4
Plone Plone 4.0.1
Plone Plone 4.0
Plone Plone 3.3.6
Plone Plone 3.3.5
Plone Plone 3.3.4
Plone Plone 5.0
Plone Plone 5.0.2
Plone Plone 5.0.1
Plone Plone 4.3.15
Plone Plone 4.3.1
Plone Plone 4.3
5.8
CVSSv2
CVE-2017-1000481
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you...
Plone Plone 5.0
Plone Plone 5.1
Plone Plone 5.0.9
Plone Plone 5.0.8
Plone Plone 5.0.7
Plone Plone 4.3.8
Plone Plone 4.3.7
Plone Plone 4.3.6
Plone Plone 4.3.5
Plone Plone 4.1.6
Plone Plone 4.1.5
Plone Plone 4.1.4
Plone Plone 4.1.3
Plone Plone 4.0
Plone Plone 3.3.6
Plone Plone 3.3.5
Plone Plone 3.3.4
Plone Plone 3.3.3
Plone Plone 5.0.1
Plone Plone 4.3.15
Plone Plone 4.3.14
Plone Plone 4.3
3.5
CVSSv2
CVE-2017-1000482
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
Plone Plone
Plone Plone 5.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »