39 matches found
CVE-2025-58047
CVE-2025-58047 affects Volto (React frontend for Plone). The issue allows an anonymous user to trigger the NodeJS server to exit when visiting a specific URL, potentially causing DoS or downtime. Affected ranges include Volto versions before 16.34.0, 17.x before 17.22.1, 18.x before 18.24.0, and ...
CVE-2025-58047 Volto affected by possible DoS by invoking specific URL by anonymous user
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...
Improper Handling of Exceptional Conditions
Overview @plone/volto is a Volto Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via accessing a specific URL as an anonymous user. An attacker can cause the server process to terminate unexpectedly by sending crafted requests to the affected...
Volto affected by possible DoS by invoking specific URL by anonymous user
Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...
GHSA-XJHF-7833-3PM5 Volto affected by possible DoS by invoking specific URL by anonymous user
Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...
PT-2025-35112
Name of the Vulnerable Software and Affected Versions Volto versions 19.0.0-alpha.1 through 19.0.0-alpha.4 Volto versions 18.0.0 through 18.24.0 Volto versions 17.0.0 through 17.22.1 Volto versions prior to 16.34.0 Description Volto, a React-based frontend for the Plone Content Management System,...
Volto 安全漏洞
Volto is a content management system open-sourced by Plone Foundation. A security vulnerability exists in Volto versions prior to 19.0.0-alpha.4 and 18.24.0, which stems from the fact that an anonymous user's access to a specific URL may cause the NodeJS server to exit...
CVE-2022-24740
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...
Authentication Bypass
@plone/volto is vulnerable to authentication bypasses. A remote attacker is able to get attacker's authentication cookie replaced with the authentication cookie from another user, effectively giving the attacker full access to the victim's account and privileges...
Volto licensing issue vulnerability
Volto is a ReactJS-based front-end for the Plone content management system. Volto is vulnerable to an authentication vulnerability that could be exploited by attackers to replace its authentication cookies with authentication cookies from other users, effectively giving them control over other...
CVE-2022-24740
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...
Authentication flaw
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...
Sudden swap of user auth tokens in Volto
Impact Due to the usage of an outdated version of the react-cookie library, under the circumstances of given a server high load, it is possible that a user could get his/her auth cookie replaced with the auth cookie from another user, effectively giving him full access to the other users account...
GHSA-CFHH-XGWQ-5R67 Sudden swap of user auth tokens in Volto
Impact Due to the usage of an outdated version of the react-cookie library, under the circumstances of given a server high load, it is possible that a user could get his/her auth cookie replaced with the auth cookie from another user, effectively giving him full access to the other users account...
CVE-2022-24740 Improper Authentication in Volto
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...
CVE-2022-24740 Improper Authentication in Volto
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...
CVE-2022-24740
Volto (the Plone React frontend) versions 14.0.0-alpha.5 through 15.0.0-alpha.0 are vulnerable to authentication cookie replacement under high server load due to an outdated react-cookie library. This could allow an attacker to gain the other user’s account privileges. A proof of concept does not...
CVE-2022-24740 Improper Authentication in Volto
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...
Volto 授权问题漏洞
Volto is a ReactJS-based front-end for the Plone content management system. Volto is vulnerable to an authentication vulnerability that could be exploited by attackers to replace its authentication cookies with authentication cookies from other users, effectively giving them control over other...