3 matches found
CVE-2017-1000483
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5...
PYSEC-2018-71
A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...
CVE-2017-1000483
CVE-2017-1000483 affects Plone 2.5–5.1rc1 where private content can be accessed via str.format in through-the-web templates and scripts. The issue stems from the format method exposure, with the hotfix originally addressing this and noting the format method is from Python 2.6, making the fix rele...