27 matches found
CVE-2021-33511
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
EUVD-2021-0193
Malware in sbrugna...
EUVD-2017-0088
Malware in sbrugna...
CVE-2023-41048
plone.namedfile allows users to handle File and Image fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by...
PYSEC-2023-311
plone.namedfile allows users to handle File and Image fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by...
GHSA-QQGJ-22GR-73VX Plone vulnerable to privilege escalation in WebDAV
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors...
Plone vulnerable to privilege escalation in WebDAV
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors...
GHSA-GC9G-67CQ-P7V4 Server-Side Request Forgery in Plone
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
Server-Side Request Forgery in Plone
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
Plone server-side request forgery vulnerability
Plone is the Plone Foundation's open source content management system running on the Zope application server. A server-side request forgery vulnerability exists in Plone 5.2.4 and earlier versions. An attacker can exploit this vulnerability to initiate a server-side request using the lxml parser...
CVE-2021-33511
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
CVE-2021-33511
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
PYSEC-2021-83
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
Design/Logic Flaw
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
CVE-2021-33511
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
CVE-2021-33511
CVE-2021-33511: Plone (
Plone code issue vulnerability
Plone is the Plone Foundation's open source content management system running on the Zope application server. A server-side request forgery vulnerability exists in Plone 5.2.4 and earlier versions. An attacker can exploit this vulnerability to initiate a server-side request using the lxml parser...
plone-app-z3cform (>=4.0.0a1 <=4.0.0a10) potentially affected by CVE-2020-28736 via plone-app-dexterity (=2.5.2)
plone-app-dexterity PYPI version =2.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-dexterity and may be impacted: - plone-app-z3cform =4.0.0a1, =4.0.0a10 Source cves: CVE-2020-28736 Source advisory: OSV:GHSA-2C8C-84W2-J38J...
plone-app-z3cform (>=4.0.0a1 <=4.0.0a10) potentially affected by CVE-2020-28735 via plone-app-dexterity (=2.5.2)
plone-app-dexterity PYPI version =2.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-dexterity and may be impacted: - plone-app-z3cform =4.0.0a1, =4.0.0a10 Source cves: CVE-2020-28735 Source advisory: OSV:GHSA-X7WF-5MJC-6X76...
plone-app-z3cform (>=4.0.0a1 <=4.0.0a10) potentially affected by CVE-2020-28734 via plone-app-dexterity (=2.5.2)
plone-app-dexterity PYPI version =2.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-dexterity and may be impacted: - plone-app-z3cform =4.0.0a1, =4.0.0a10 Source cves: CVE-2020-28734 Source advisory: OSV:GHSA-WQ6X-G685-W5F2...