Vulmon
plone vulnerabilities and exploits
4.3
CVSSv2
CVE-2008-0164
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote malicious users to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.
Plone Plone Cms 3.0.5
Plone Plone Cms 3.0.6
6
CVSSv2
CVE-2009-0662
The PlonePAS product 3.x prior to 3.9 and 3.2.x prior to 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
Plone Plonepas 3.5
Plone Plonepas 3.4
Plone Plonepas 3.0
Plone Plonepas 3.1
Plone Plonepas 3.3
Plone Plonepas 3.2
9.3
CVSSv2
CVE-2011-3587
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x up to and including 4.0.9, 4.1, and 4.2 up to and including 4.2a2, allows remote malicious users to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python mod...
Zope Zope 2.12.9
Zope Zope 2.12.13
Zope Zope 2.12.2
Zope Zope 2.12.0
Zope Zope 2.12.17
Zope Zope 2.12.15
Zope Zope 2.13.0
Zope Zope 2.13.1
Plone Plone 4.0.8
Plone Plone 4.0.1
Plone Plone 4.1
Plone Plone 4.2
Zope Zope 2.12.12
Zope Zope 2.12.14
Zope Zope 2.12.18
Zope Zope 2.12.6
Zope Zope 2.13.2
Zope Zope 2.12.19
Zope Zope 2.12.20
Plone Plone 4.0.3
Plone Plone 4.0.2
Plone Plone 4.2a2
1 EDB exploit
4.3
CVSSv2
CVE-2013-7062
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x up to and including 3.3.6, 4.0.x up to and including 4.0.9, 4.1.x up to and including 4.1.6, 4.2.x up to and including 4.2.7, and 4.3 up to and including 4.3.2, allow remote malicious users to inj...
Plone Plone
NA
CVE-2024-0669
A Cross-Frame Scripting vulnerability has been found in Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.
Plone Plone
3.5
CVSSv2
CVE-2021-35959
In Plone 5.0 up to and including 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
Plone Plone
5.8
CVSSv2
CVE-2020-7936
An open redirect on the login form (and possibly other places) in Plone 4.0 up to and including 5.2.1 allows a malicious user to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
Plone Plone
3.5
CVSSv2
CVE-2020-7937
An XSS issue in the title field in Plone 5.0 up to and including 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
Plone Plone
6.5
CVSSv2
CVE-2020-7938
plone.restapi in Plone 5.2.0 up to and including 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.
Plone Plone
6.5
CVSSv2
CVE-2020-7939
SQL Injection in DTML or in connection objects in Plone 4.0 up to and including 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
Plone Plone