21 matches found
EUVD-2021-0190
Malware in sbrugna...
EUVD-2021-0193
Malware in sbrugna...
Plone has stored XSS in folder contents
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...
CVE-2021-35959
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...
CVE-2021-33510
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file...
CVE-2021-33508
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
CVE-2021-33513
Plone through 5.2.4 allows XSS via the inlinediff methods in Products.CMFDiffTool...
CVE-2021-33512
Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...
CVE-2021-33511
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
CVE-2021-33512
Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...
Code injection
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
PYSEC-2021-81
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
PYSEC-2021-83
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
Code injection
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
PYSEC-2021-82
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file...
PYSEC-2021-81
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
PYSEC-2021-85
Plone through 5.2.4 allows XSS via the inlinediff methods in Products.CMFDiffTool...
PYSEC-2021-84
Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...
CVE-2021-33508
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...