7 matches found

Cvelist
added 2022/01/28 10:0 p.m., 14 views

CVE-2022-23599 Cross-site Scripting and Open Redirect in Products.ATContentTypes

Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the imageviewfullscre...

4.3 CVSS, 6.1 AI score, 0.00317 EPSS
Exploits 0, References 2

OSV
added 2014/03/11 7:37 p.m., 32 views

PYSEC-2014-52

traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."...

4.3 CVSS, 7 AI score, 0.00564 EPSS
Exploits 0, References 5

Cvelist
added 2014/03/11 3:0 p.m., 16 views

CVE-2013-4198

mailpassword.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality...

6.4 AI score, 0.00305 EPSS
Exploits 0, References 4

Cvelist
added 2014/03/11 3:0 p.m., 28 views

CVE-2013-4199

(1) cbdecode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed)...

6.2 AI score, 0.0048 EPSS
Exploits 0, References 4

Prion
added 2011/06/06 7:55 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422...

3.5 CVSS, 5.5 AI score, 0.00392 EPSS
Exploits 0, References 8, Affected Software 1

CVE
added 2011/06/06 7:0 p.m., 82 views

CVE-2011-1949

CVE-2011-1949 is a Plone XSS issue in the PortalTransforms safe_html filter (Plone 2.1–4.1). The vulnerability allows remote authenticated users to inject arbitrary script or HTML via unspecified vectors, caused by the safe_html transform path. This is described as a different vulnerability from ...

3.5 CVSS, 5.2 AI score, 0.00375 EPSS
Exploits 0, References 8, Affected Software 1

NVD
added 2010/06/24 12:17 p.m., 23 views

CVE-2010-2422

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform...

4.3 CVSS, 5.5 AI score, 0.00392 EPSS
Exploits 0, References 3