Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plone plone vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2020-7936
An open redirect on the login form (and possibly other places) in Plone 4.0 up to and including 5.2.1 allows an malicious user to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
Plone Plone
516
VMScore
CVE-2017-1000484
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to t...
Plone Plone 5.1
Plone Plone 5.0.9
Plone Plone 5.0.8
Plone Plone 4.3.9
Plone Plone 4.3.8
Plone Plone 4.3.7
Plone Plone 4.3.6
Plone Plone 4.2
Plone Plone 4.1.6
Plone Plone 4.1.5
Plone Plone 4.1.4
Plone Plone 4.0.1
Plone Plone 4.0
Plone Plone 3.3.6
Plone Plone 3.3.5
Plone Plone 3.3.4
Plone Plone 5.0
Plone Plone 5.0.2
Plone Plone 5.0.1
Plone Plone 4.3.15
Plone Plone 4.3.1
Plone Plone 4.3
516
VMScore
CVE-2017-1000481
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you...
Plone Plone 5.0
Plone Plone 5.1
Plone Plone 5.0.9
Plone Plone 5.0.8
Plone Plone 5.0.7
Plone Plone 4.3.8
Plone Plone 4.3.7
Plone Plone 4.3.6
Plone Plone 4.3.5
Plone Plone 4.1.6
Plone Plone 4.1.5
Plone Plone 4.1.4
Plone Plone 4.1.3
Plone Plone 4.0
Plone Plone 3.3.6
Plone Plone 3.3.5
Plone Plone 3.3.4
Plone Plone 3.3.3
Plone Plone 5.0.1
Plone Plone 4.3.15
Plone Plone 4.3.14
Plone Plone 4.3
516
VMScore
CVE-2013-4191
zip.py in Plone 2.1 up to and including 4.1, 4.2.x up to and including 4.2.5, and 4.3.x up to and including 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote malicious users to obtain sensitive information by reading ...
Plone Plone 4.3
Plone Plone 4.3.1
Plone Plone 4.2.1
Plone Plone 4.2.2
Plone Plone 4.2.3
Plone Plone 4.2.4
Plone Plone 4.2.5
Plone Plone 4.2
Plone Plone 4.0.1
Plone Plone 3.0
Plone Plone 3.0.2
Plone Plone 3.1
Plone Plone 3.1.2
Plone Plone 3.2.1
Plone Plone 3.2.3
Plone Plone 2.5
Plone Plone 2.5.2
Plone Plone 2.1.1
Plone Plone 2.1.3
Plone Plone 4.0.3
Plone Plone 4.0.4
Plone Plone 4.0.5
516
VMScore
CVE-2013-4195
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 up to and including 4.1, 4.2.x up to and including 4.2.5, and 4.3.x up to and including 4.3.1 allow remote malicious users to redirect users to arbitrary web...
Plone Plone 4.0
Plone Plone 4.1
Plone Plone 3.0.1
Plone Plone 3.0.6
Plone Plone 3.1.1
Plone Plone 3.2
Plone Plone 3.2.2
Plone Plone 3.3.5
Plone Plone 2.5.1
Plone Plone 2.1
Plone Plone 2.1.2
Plone Plone 3.0.2
Plone Plone 3.0.3
Plone Plone 3.0.4
Plone Plone 3.0.5
Plone Plone 3.3
Plone Plone 3.3.1
Plone Plone 3.3.2
Plone Plone 3.3.3
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 4.0.3
505
VMScore
CVE-2006-1711
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote malicious users to modify portraits.
Plone Plone 2.0.5
Plone Plone 2.1.2
Plone Plone 2.5 Beta1
1 EDB exploit
490
VMScore
CVE-2013-7061
Products/CMFPlone/CatalogTool.py in Plone 3.3 up to and including 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
Plone Plone 4.1.6
Plone Plone 3.3
Plone Plone 4.0.9
Plone Plone 4.0.7
Plone Plone 4.1
Plone Plone 4.1.1
Plone Plone 4.1.2
Plone Plone 4.1.3
Plone Plone 4.0.1
Plone Plone 4.0
Plone Plone 3.3.6
Plone Plone 3.3.5
Plone Plone 4.2.5
Plone Plone 4.2.6
Plone Plone 4.2.7
Plone Plone 4.3
Plone Plone 4.1.4
Plone Plone 4.0.4
Plone Plone 4.0.2
Plone Plone 3.3.4
Plone Plone 3.3.2
Plone Plone 4.2.1
490
VMScore
CVE-2013-4197
member_portrait.py in Plone 2.1 up to and including 4.1, 4.2.x up to and including 4.2.5, and 4.3.x up to and including 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.
Plone Plone 4.2.4
Plone Plone 4.2
Plone Plone 4.2.1
Plone Plone 4.2.2
Plone Plone 4.2.3
Plone Plone 4.2.5
Plone Plone 4.3.1
Plone Plone 4.3
Plone Plone 4.0.3
Plone Plone 4.0.5
Plone Plone 3.0.4
Plone Plone 3.0.6
Plone Plone 4.1
Plone Plone 3.0
Plone Plone 3.0.1
Plone Plone 3.0.2
Plone Plone 3.2.1
Plone Plone 3.2.2
Plone Plone 3.2.3
Plone Plone 3.3
Plone Plone 2.1.1
Plone Plone 2.1.2
490
VMScore
CVE-2011-1950
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Plone Plone 4.0
Plone Plone 4.1
445
VMScore
CVE-2021-33511
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
Plone Plone
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »