plone plone vulnerabilities and exploits
NA
CVE-2008-0164
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote malicious users to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.
Plone Plone Cms 3.0.6
Plone Plone Cms 3.0.5
NA
CVE-2009-0662
The PlonePAS product 3.x prior to 3.9 and 3.2.x prior to 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
Plone Plonepas 3.0
Plone Plonepas 3.1
Plone Plonepas 3.2
Plone Plonepas 3.3
Plone Plonepas 3.4
Plone Plonepas 3.5
NA
CVE-2011-3587
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x up to and including 4.0.9, 4.1, and 4.2 up to and including 4.2a2, allows remote malicious users to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python mod...
Zope Zope 2.13.10
Plone Plone 4.2a1
Zope Zope 2.12.0
Zope Zope 2.12.11
Zope Zope 2.12.9
Zope Zope 2.12.8
Plone Plone 4.0.5
Zope Zope 2.13.0
Zope Zope 2.12.16
Zope Zope 2.12.10
Zope Zope 2.13.9
Zope Zope 2.12.3
Zope Zope 2.12.12
Plone Plone 4.0.2
Zope Zope 2.12.17
Zope Zope 2.12.19
Zope Zope 2.12.14
Zope Zope 2.12.15
Plone Plone 4.0.8
Plone Plone 4.0.7
Plone Plone 4.0.4
Zope Zope 2.12.5
1 EDB exploit
7.5
CVSSv3
CVE-2022-24740
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user...
Plone Volto 15.0.0
Plone Volto
Plone Volto 14.0.0
5.4
CVSSv3
CVE-2020-7937
An XSS issue in the title field in Plone 5.0 up to and including 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
Plone Plone
9.8
CVSSv3
CVE-2020-7941
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 up to and including 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
Plone Plone
9.9
CVSSv3
CVE-2021-33509
Plone up to and including 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
Plone Plone
7.1
CVSSv3
CVE-2024-0669
A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.
Plone Plone
4.3
CVSSv3
CVE-2021-33510
Plone up to and including 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
Plone Plone
6.1
CVSSv3
CVE-2013-7062
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x up to and including 3.3.6, 4.0.x up to and including 4.0.9, 4.1.x up to and including 4.1.6, 4.2.x up to and including 4.2.7, and 4.3 up to and including 4.3.2, allow remote malicious users to inj...
Plone Plone