plone plone vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-33513
Plone up to and including 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
Plone Plone
5.4
CVSSv3
CVE-2021-3313
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable c...
Plone Plone
5.4
CVSSv3
CVE-2021-29002
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
Plone Plone 5.2.3
1 Github repository
5.4
CVSSv3
CVE-2020-7937
An XSS issue in the title field in Plone 5.0 up to and including 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
Plone Plone
5.4
CVSSv3
CVE-2017-1000482
A member of the Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page.
Plone Plone
Plone Plone 5.1
5.3
CVSSv3
CVE-2021-21360
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files gener...
Zope Products.genericsetup
5.3
CVSSv3
CVE-2016-4042
Plone 3.3 up to and including 5.1a1 allows remote malicious users to obtain information about the ID of sensitive content via unspecified vectors.
Plone Plone 5.0
Plone Plone 5.0.3
Plone Plone 5.0.1
Plone Plone 4.3.9
Plone Plone 4.3.4
Plone Plone 4.3.2
Plone Plone 4.2.3
Plone Plone 4.2.1
Plone Plone 4.1.1
Plone Plone 4.0.10
Plone Plone 4.0.4
Plone Plone 4.0.2
Plone Plone 3.3.1
Plone Plone 4.0
Plone Plone 4.3.8
Plone Plone 4.3.7
Plone Plone 4.3.6
Plone Plone 4.3.5
Plone Plone 4.2
Plone Plone 4.1.6
Plone Plone 4.1.5
Plone Plone 4.1.4
4.9
CVSSv3
CVE-2016-4043
Chameleon (five.pt) in Plone 5.0rc1 up to and including 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.
Plone Plone 5.0
Plone Plone 5.0.2
Plone Plone 5.0.3
Plone Plone 5.0.4
Plone Plone 5.1a1
Plone Plone 5.0.1
4.3
CVSSv3
CVE-2021-33510
Plone up to and including 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
Plone Plone
4.3
CVSSv3
CVE-2017-5524
Plone 4.x up to and including 4.3.11 and 5.x up to and including 5.0.6 allow remote malicious users to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
Plone Plone 5.0.2
Plone Plone 4.3.11
Plone Plone 4.3.4
Plone Plone 4.3.2
Plone Plone 4.2.3
Plone Plone 4.2.1
Plone Plone 4.1.5
Plone Plone 5.0
Plone Plone 4.1
Plone Plone 4.0.9
Plone Plone 4.0.1
Plone Plone 4.3.9
Plone Plone 4.3.8
Plone Plone 4.3.7
Plone Plone 4.3.6
Plone Plone 4.2
Plone Plone 4.1.6
Plone Plone 5.1
Plone Plone 4.0.7
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3