6 matches found
GHSA-CQ5G-924M-7FXH Plone Information Disclosure
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name...
PYSEC-2014-76
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the generated value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability...
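The advisory above leaves the attack vector unspecified, so the following is an added illustration of the general failure mode it names, not Zope's or Plone's own code: a PRNG that is seeded once at start-up and then inherited by forked worker processes without being reseeded, so every worker hands out the same "random" value and one observed value predicts the others. The `_startup_rng` object, `worker_tokens()` and the per-worker token scheme are assumptions made for the example. A dedicated `random.Random()` instance is used deliberately: Python 3.7 and later reseed the module-level generator after `fork()` through an `os.register_at_fork` hook, which would hide exactly the bug being shown.

```python
import os
import random
import secrets

# Hypothetical long-lived generator created once at process start-up and then
# shared by forked workers (an assumption for this example). A private
# random.Random() instance is used because Python >= 3.7 auto-reseeds only the
# module-level generator after fork, which would mask the problem.
_startup_rng = random.Random()


def _child_token(reseed: bool) -> int:
    """Token a worker would issue; the 'fixed' variant reseeds from OS entropy."""
    if reseed:
        _startup_rng.seed(secrets.randbits(128))  # fresh entropy per worker
    return _startup_rng.getrandbits(64)


def _token_from_forked_worker(reseed: bool) -> int:
    """Fork a worker, have it draw one token from the inherited PRNG, return it."""
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: emit token and exit without touching the parent's state
        try:
            os.close(read_fd)
            os.write(write_fd, _child_token(reseed).to_bytes(8, "big"))
            os.close(write_fd)
        finally:
            os._exit(0)
    os.close(write_fd)
    data = os.read(read_fd, 8)
    os.close(read_fd)
    os.waitpid(pid, 0)
    return int.from_bytes(data, "big")


def worker_tokens(reseed: bool, workers: int = 2) -> list:
    """Tokens drawn by `workers` independently forked processes.

    Without reseeding, every child inherits the identical PRNG state from the
    parent and therefore produces the identical token.
    """
    return [_token_from_forked_worker(reseed) for _ in range(workers)]


def attacker_prediction_succeeds(reseed: bool) -> bool:
    """An attacker who saw one worker's token guesses the next worker's."""
    observed, next_token = worker_tokens(reseed, workers=2)
    return observed == next_token


if __name__ == "__main__":
    print("unreseeded workers, prediction succeeds:", attacker_prediction_succeeds(False))
    print("reseeded workers,   prediction succeeds:", attacker_prediction_succeeds(True))
```

The same symptom appears with any pre-fork server model (WSGI workers, ZServer-style process pools) when the generator lives in the parent; the fix is to reseed in each child, or to draw security-relevant values from `secrets` / `os.urandom` rather than from a Mersenne Twister instance at all.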
Code injection (label as given; the description below is a user-account enumeration / information disclosure issue, not code injection)
membershiptool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL...
Cross site request forgery (csrf) (label as given; the description below is an information disclosure issue, not CSRF)
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name...
PYSEC-2014-47
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name...
CVE-2012-5502
CVE-2012-5502: XSS in safe_html.py (Plone before 4.2.3 and 4.3 before beta 1) allows remote authenticated users with edit permissions to inject arbitrary script/HTML via unspecified vectors. The advisory text gives only the affected range, not an explicit fixed version; references show patches/releases aroun...