plone vulnerabilities and exploits
NA
CVE-2008-0164
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote malicious users to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.
Plone Plone Cms 3.0.6
Plone Plone Cms 3.0.5
NA
CVE-2009-0662
The PlonePAS product 3.x prior to 3.9 and 3.2.x prior to 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
Plone Plonepas 3.0
Plone Plonepas 3.1
Plone Plonepas 3.2
Plone Plonepas 3.3
Plone Plonepas 3.4
Plone Plonepas 3.5
NA
CVE-2011-3587
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x up to and including 4.0.9, 4.1, and 4.2 up to and including 4.2a2, allows remote malicious users to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python mod...
Zope Zope 2.13.10
Plone Plone 4.2a1
Zope Zope 2.12.0
Zope Zope 2.12.11
Zope Zope 2.12.9
Zope Zope 2.12.8
Plone Plone 4.0.5
Zope Zope 2.13.0
Zope Zope 2.12.16
Zope Zope 2.12.10
Zope Zope 2.13.9
Zope Zope 2.12.3
Zope Zope 2.12.12
Plone Plone 4.0.2
Zope Zope 2.12.17
Zope Zope 2.12.19
Zope Zope 2.12.14
Zope Zope 2.12.15
Plone Plone 4.0.8
Plone Plone 4.0.7
Plone Plone 4.0.4
Zope Zope 2.12.5
1 EDB exploit
7.5
CVSSv3
CVE-2022-24740
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user...
Plone Volto 15.0.0
Plone Volto
Plone Volto 14.0.0
5.4
CVSSv3
CVE-2021-33513
Plone up to and including 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
Plone Plone
7.1
CVSSv3
CVE-2024-0669
A Cross-Frame Scripting vulnerability has been found in Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.
Plone Plone
6.1
CVSSv3
CVE-2022-23599
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the ...
Plone Plone
9.8
CVSSv3
CVE-2020-35190
The official plone Docker images before version 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Systems using the plone docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root access with a b...
Plone Plone
8.8
CVSSv3
CVE-2020-28734
Plone prior to 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
Plone Plone
8.8
CVSSv3
CVE-2020-28735
Plone prior to 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
Plone Plone