Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plone vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-3313
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable c...
Plone Plone
9.8
CVSSv3
CVE-2020-35190
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root access with a b...
Plone Plone
6.1
CVSSv3
CVE-2020-7936
An open redirect on the login form (and possibly other places) in Plone 4.0 up to and including 5.2.1 allows an malicious user to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
Plone Plone
8.8
CVSSv3
CVE-2020-7939
SQL Injection in DTML or in connection objects in Plone 4.0 up to and including 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
Plone Plone
5.4
CVSSv3
CVE-2020-7937
An XSS issue in the title field in Plone 5.0 up to and including 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
Plone Plone
9.8
CVSSv3
CVE-2020-7941
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 up to and including 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
Plone Plone
8.8
CVSSv3
CVE-2020-7938
plone.restapi in Plone 5.2.0 up to and including 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.
Plone Plone
7.5
CVSSv3
CVE-2020-7940
Missing password strength checks on some forms in Plone 4.3 up to and including 5.2.0 allow users to set weak passwords, leading to easier cracking.
Plone Plone
5.4
CVSSv3
CVE-2021-33513
Plone up to and including 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
Plone Plone
5.4
CVSSv3
CVE-2021-33508
Plone up to and including 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
Plone Plone
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »