Filtered by vendor Plone
Subscriptions
Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7139 | 1 Plone | 1 Plone | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2016-4043 | 1 Plone | 1 Plone | 2025-04-20 | N/A |
| Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. | ||||
| CVE-2016-7136 | 1 Plone | 1 Plone | 2025-04-20 | N/A |
| z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. | ||||
| CVE-2012-5490 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-4190 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-5488 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | ||||
| CVE-2013-4188 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources." | ||||
| CVE-2013-4196 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request. | ||||
| CVE-2013-4197 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. | ||||
| CVE-2013-4198 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality. | ||||
| CVE-2013-4192 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors. | ||||
| CVE-2012-5486 | 3 Plone, Redhat, Zope | 3 Plone, Rhel Cluster, Zope | 2025-04-12 | N/A |
| ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. | ||||
| CVE-2012-6661 | 2 Plone, Zope | 2 Plone, Zope | 2025-04-12 | N/A |
| Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2). | ||||
| CVE-2012-5508 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope. | ||||
| CVE-2012-5485 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | ||||
| CVE-2012-5507 | 2 Plone, Zope | 2 Plone, Zope | 2025-04-12 | N/A |
| AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. | ||||
| CVE-2012-5500 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | ||||
| CVE-2012-5491 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | ||||
| CVE-2012-5499 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. | ||||
| CVE-2012-5497 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | ||||