Lucene search
+L

39 matches found

CVE
CVE
added 2025/08/28 5:10 p.m.30 views

CVE-2025-58047

CVE-2025-58047 affects Volto (React frontend for Plone). The issue allows an anonymous user to trigger the NodeJS server to exit when visiting a specific URL, potentially causing DoS or downtime. Affected ranges include Volto versions before 16.34.0, 17.x before 17.22.1, 18.x before 18.24.0, and ...

7.5CVSS6.1AI score0.00569EPSS
Exploits0References7
OSV
OSV
added 2025/08/28 5:10 p.m.4 views

CVE-2025-58047 Volto affected by possible DoS by invoking specific URL by anonymous user

Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...

7.5CVSS6.4AI score0.00569EPSS
Exploits0References9
Snyk
Snyk
added 2025/08/28 3:34 p.m.1 views

Improper Handling of Exceptional Conditions

Overview @plone/volto is a Volto Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via accessing a specific URL as an anonymous user. An attacker can cause the server process to terminate unexpectedly by sending crafted requests to the affected...

8.7CVSS6.9AI score0.00569EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/28 3:34 p.m.22 views

Volto affected by possible DoS by invoking specific URL by anonymous user

Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...

7.5CVSS6.8AI score0.00569EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2025/08/28 3:34 p.m.6 views

GHSA-XJHF-7833-3PM5 Volto affected by possible DoS by invoking specific URL by anonymous user

Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...

7.5CVSS6.8AI score0.00569EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.11 views

PT-2025-35112

Name of the Vulnerable Software and Affected Versions Volto versions 19.0.0-alpha.1 through 19.0.0-alpha.4 Volto versions 18.0.0 through 18.24.0 Volto versions 17.0.0 through 17.22.1 Volto versions prior to 16.34.0 Description Volto, a React-based frontend for the Plone Content Management System,...

7.5CVSS6.5AI score0.00569EPSS
Exploits0References23
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.6 views

Volto 安全漏洞

Volto is a content management system open-sourced by Plone Foundation. A security vulnerability exists in Volto versions prior to 19.0.0-alpha.4 and 18.24.0, which stems from the fact that an anonymous user's access to a specific URL may cause the NodeJS server to exit...

7.5CVSS6.4AI score0.00569EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 10:12 p.m.8 views

CVE-2022-24740

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...

7.5CVSS7AI score0.0058EPSS
Exploits0References1
Veracode
Veracode
added 2022/03/15 10:17 a.m.20 views

Authentication Bypass

@plone/volto is vulnerable to authentication bypasses. A remote attacker is able to get attacker's authentication cookie replaced with the authentication cookie from another user, effectively giving the attacker full access to the victim's account and privileges...

7.5CVSS5.2AI score0.0058EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2022/03/15 12:0 a.m.59 views

Volto licensing issue vulnerability

Volto is a ReactJS-based front-end for the Plone content management system. Volto is vulnerable to an authentication vulnerability that could be exploited by attackers to replace its authentication cookies with authentication cookies from other users, effectively giving them control over other...

7.5CVSS5.3AI score0.0058EPSS
Exploits0References1
NVD
NVD
added 2022/03/14 11:15 p.m.48 views

CVE-2022-24740

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...

7.5CVSS0.0058EPSS
Exploits0References2
Prion
Prion
added 2022/03/14 11:15 p.m.16 views

Authentication flaw

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...

6CVSS7.6AI score0.0058EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/14 10:15 p.m.40 views

Sudden swap of user auth tokens in Volto

Impact Due to the usage of an outdated version of the react-cookie library, under the circumstances of given a server high load, it is possible that a user could get his/her auth cookie replaced with the auth cookie from another user, effectively giving him full access to the other users account...

7.5CVSS0.3AI score0.0058EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/14 10:15 p.m.30 views

GHSA-CFHH-XGWQ-5R67 Sudden swap of user auth tokens in Volto

Impact Due to the usage of an outdated version of the react-cookie library, under the circumstances of given a server high load, it is possible that a user could get his/her auth cookie replaced with the auth cookie from another user, effectively giving him full access to the other users account...

5CVSS6.2AI score0.0058EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/03/14 10:15 p.m.6 views

CVE-2022-24740 Improper Authentication in Volto

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...

5CVSS7.7AI score0.0058EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/03/14 10:15 p.m.36 views

CVE-2022-24740 Improper Authentication in Volto

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...

5CVSS7.8AI score0.0058EPSS
Exploits0References2
CVE
CVE
added 2022/03/14 10:15 p.m.102 views

CVE-2022-24740

Volto (the Plone React frontend) versions 14.0.0-alpha.5 through 15.0.0-alpha.0 are vulnerable to authentication cookie replacement under high server load due to an outdated react-cookie library. This could allow an attacker to gain the other user’s account privileges. A proof of concept does not...

7.5CVSS6.3AI score0.0058EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/03/14 10:15 p.m.23 views

CVE-2022-24740 Improper Authentication in Volto

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...

5CVSS7.7AI score0.0058EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.6 views

Volto 授权问题漏洞

Volto is a ReactJS-based front-end for the Plone content management system. Volto is vulnerable to an authentication vulnerability that could be exploited by attackers to replace its authentication cookies with authentication cookies from other users, effectively giving them control over other...

7.5CVSS5.6AI score0.0058EPSS
Exploits0References4
Rows per page
Query Builder