1348 matches found

Nuclei (added 6 hours ago, 9 views)

Plone Docker - Host Header Injection

Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of the input supplied in the Host header. This can lead to Cross-Site Scripting (XSS) attacks when a malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...

CVSS 6.1 | AI score 6.4 | EPSS 0.05374 | Exploits 1 | References 3

RedhatCVE (added 2026/03/07 1:44 a.m., 3 views)

CVE-2026-28413

Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a URL /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...

CVSS 6.1 | AI score 5.7 | EPSS 0.00013 | Exploits 0 | References 1

NVD (added 2026/03/05 9:16 p.m., 2 views)

CVE-2026-28413

Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a URL /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...

CVSS 6.1 | EPSS 0.00013 | Exploits 0 | References 1

PyPA (added 2026/03/05 9:16 p.m., 5 views)

PYSEC-2026-112

Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a URL /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...

CVSS 6.1 | AI score 5.7 | EPSS 0.00013 | Exploits 0 | References 1 | Affected Software 1

OSV (added 2026/03/05 9:16 p.m., 3 views)

PYSEC-2026-112

Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a URL /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...

CVSS 6.1 | AI score 5.7 | EPSS 0.00013 | Exploits 0 | References 1

Vulnrichment (added 2026/03/05 8:16 p.m., 1 view)

CVE-2026-28413 Products.isurlinportal: Possible open redirect when using more than 2 forward slashes

Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a URL /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...

CVSS 5.3 | AI score 5.7 | EPSS 0.00013 | Exploits 0 | References 1

OSV (added 2026/03/05 8:16 p.m., 2 views)

CVE-2026-28413 Products.isurlinportal: Possible open redirect when using more than 2 forward slashes

Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a URL /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...

CVSS 5.3 | AI score 5.7 | EPSS 0.00013 | Exploits 0 | References 3

CNNVD (added 2026/03/05 12:00 a.m., 2 views)

isURLInPortal Input Validation Error Vulnerability

isURLInPortal is an open-source URL security check patch for Plone. Versions of isURLInPortal prior to 2.1.0, 3.1.0, and 4.0.0 had an input validation vulnerability that could lead to redirection to external websites after login...

CVSS 6.1 | AI score 5.8 | EPSS 0.00013 | Exploits 0 | References 1

Tenable Nessus (added 2026/03/04 12:00 a.m., 2 views)

Plone < 5.2.7 / 6.x < 6.0.0a3 XSS (CVE-2022-23599)

The detected version of Plone is prior to version 5.2.7, or version 6 prior to 6.0.0a3. It is, therefore, affected by a cross-site scripting vulnerability. A remote attacker can exploit this via cache poisoning to redirect a user when clicking links on the compromised page. Note that Nessus has...

CVSS 6.1 | AI score 5.9 | EPSS 0.00317 | Exploits 0 | References 3

Tenable Nessus (added 2026/03/04 12:00 a.m., 3 views)

Plone Python Library Multiple Vulnerabilities (20230921)

The detected version of the Plone Python package, plone, is prior to version 5.2.14 or 6.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities: - Multiple stored cross-site scripting vulnerabilities exist when handling SVG images. An authenticated, remote attacker can...

CVSS 7.5 | AI score 6.1 | EPSS 0.00503 | Exploits 1 | References 4

Tenable Nessus (added 2026/03/04 12:00 a.m., 2 views)

Plone <= 6.0.5 Cross-Frame Scripting (CVE-2024-0669)

The detected version of the Python package plone is 6.0.5 or prior. It is, therefore, affected by a cross-frame scripting vulnerability. A remote attacker can exploit this via cross-frame scripting to trick a user into opening an invisible iframe to collect credentials or keystrokes. Note th...

CVSS 7.1 | AI score 7.1 | EPSS 0.0005 | Exploits 0 | References 2

OSV (added 2026/03/02 8:14 p.m., 1 view)

GHSA-43GX-6GV6-3JCP Products.isurlinportal has possible open redirect when using more than 2 forward slashes

Impact: A URL /login?camefrom=////evil.example may redirect to an external website after login. Standard Plone is not affected, but if you have customised the login, for example with add-ons, you might be affected. You can try the URL to check whether you are affected. Patches: The problem has be...

CVSS 5.3 | AI score 5.8 | EPSS 0.00013 | Exploits 0 | References 3

Github Security Blog (added 2026/03/02 8:14 p.m., 4 views)

Products.isurlinportal has possible open redirect when using more than 2 forward slashes

Impact: A URL /login?camefrom=////evil.example may redirect to an external website after login. Standard Plone is not affected, but if you have customised the login, for example with add-ons, you might be affected. You can try the URL to check whether you are affected. Patches: The problem has be...

CVSS 6.1 | AI score 5.8 | EPSS 0.00013 | Exploits 0 | References 3 | Affected Software 1

Snyk (added 2026/02/01 6:38 a.m., 0 views)

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper verification of user identity in the comment posting feature. An attacker can exploit this vulnerability by impersonating a registered user, potentially leading to unauthoriz...

CVSS 6.9 | AI score 5.5 | Exploits 0 | References 3

RedhatCVE (added 2026/01/09 11:28 a.m., 7 views)

CVE-2021-33512

Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...

CVSS 5.4 | AI score 5.6 | EPSS 0.00302 | Exploits 0 | References 1

RedhatCVE (added 2026/01/09 11:27 a.m., 3 views)

CVE-2021-33509

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

CVSS 9.9 | AI score 6.5 | EPSS 0.00846 | Exploits 0 | References 1

RedhatCVE (added 2026/01/09 11:27 a.m., 3 views)

CVE-2021-33510

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file...

CVSS 4.3 | AI score 6.5 | EPSS 0.0012 | Exploits 0 | References 1

RedhatCVE (added 2026/01/09 11:26 a.m., 6 views)

CVE-2021-33511

Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and model editors in plone.app.theming, plone.app.dexterity, and plone.supermodel...

CVSS 7.5 | AI score 6.8 | EPSS 0.00276 | Exploits 0 | References 1

RedhatCVE (added 2026/01/09 11:26 a.m., 4 views)

CVE-2021-33926

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4...

CVSS 8.8 | AI score 6.3 | EPSS 0.00501 | Exploits 1 | References 1

Veracode (added 2025/11/21 8:28 a.m., 4 views)

Denial-of-service (DoS)

@plone/volto is vulnerable to a denial-of-service (DoS). The vulnerability is due to improper handling of a specific URL request, which allows an attacker to crash the Node.js server component simply by visiting that crafted URL...

CVSS 8.7 | AI score 6.9 | EPSS 0.00105 | Exploits 0 | References 8 | Affected Software 1