Lucene search
+L

166 matches found

prion
prion
added 2023/02/17 6:15 p.m.13 views

Code injection

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4...

6.5CVSS8.4AI score0.01005EPSS
Exploits1References3Affected Software1
osv
osv
added 2023/02/17 6:15 p.m.24 views

PYSEC-2023-289

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4...

8.8CVSS8.4AI score0.01005EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2023/02/17 12:0 a.m.8 views

CVE-2021-33926

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4...

8.4AI score0.01005EPSS
Exploits1References3
cvelist
cvelist
added 2023/02/17 12:0 a.m.43 views

CVE-2021-33926

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4...

8.7AI score0.01005EPSS
Exploits1References3
cve
cve
added 2023/02/17 12:0 a.m.64 views

CVE-2021-33926

CVE-2021-33926 affects Plone CMS versions up to 5.2.4 (and prior 4.x/5.0-5.1 releases) due to a server-side request forgery (SSRF) flaw in the RSS feed portlet that allows an attacker to access sensitive internal information. The issue is triggered when processing RSS feed content, exposing inter...

8.8CVSS8.3AI score0.01005EPSS
Exploits1References3Affected Software1
osv
osv
added 2022/05/24 7:2 p.m.16 views

GHSA-HPRR-4VFQ-FCXW Plone XSS in User Fullname Property and File Upload

Plone CMS until version 5.2.4 has a stored Cross-Site Scripting XSS vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...

6.1CVSS5.3AI score0.0097EPSS
Exploits1References9
github
github
added 2022/05/24 7:2 p.m.19 views

Plone XSS in User Fullname Property and File Upload

Plone CMS until version 5.2.4 has a stored Cross-Site Scripting XSS vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...

5.4CVSS5.4AI score0.0097EPSS
Exploits1References9Affected Software1
osv
osv
added 2022/05/14 2:46 a.m.31 views

GHSA-M7F9-65WR-PWCH Plone vulnerable to filesystem information leak

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. dot dot in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions...

6.9CVSS5AI score0.0258EPSS
Exploits2References13
osv
osv
added 2022/05/14 2:46 a.m.21 views

GHSA-69VH-662J-V988 Plone Open Redirect Vulnerability

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to 1...

6.1CVSS6.3AI score0.01657EPSS
Exploits2References12
github
github
added 2022/05/14 2:46 a.m.22 views

Plone Open Redirect Vulnerability

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to 1...

6.1CVSS7AI score0.01657EPSS
Exploits2References12Affected Software1
osv
osv
added 2022/05/14 2:45 a.m.7 views

GHSA-PP4C-2692-7F37 Plone Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

6.1CVSS6AI score0.01575EPSS
Exploits2References12
osv
osv
added 2022/05/14 2:45 a.m.43 views

GHSA-V3HP-F8QR-CF3P Plone XSS

Cross-site scripting XSS vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

6.1CVSS5.8AI score0.01596EPSS
Exploits2References12
osv
osv
added 2022/05/14 2:45 a.m.6 views

GHSA-CHVW-GJXF-F8MC Plone vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.01575EPSS
Exploits2References8
github
github
added 2022/05/01 11:39 p.m.21 views

Plone credentials stored in session cookie

Plone CMS 3.1.x uses invariant data a client username and a server secret when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network...

4.3CVSS7.4AI score0.0113EPSS
Exploits0References6Affected Software1
osv
osv
added 2022/05/01 11:39 p.m.5 views

GHSA-593C-J348-F3GV Plone Improper Session Management

Plone CMS before 3, places a base64 encoded form of the username and password in the ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network...

10CVSS7AI score0.02877EPSS
Exploits1References8
osv
osv
added 2022/05/01 11:39 p.m.6 views

GHSA-MQ3Q-JJPH-RP5P Plone CMS Improper Session Management

Plone CMS before 3 places a base64 encoded form of the username and password in the ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network...

7.5CVSS6.9AI score0.01424EPSS
Exploits0References7
github
github
added 2022/05/01 11:39 p.m.19 views

Plone CMS Improper Session Management

Plone CMS before 3 places a base64 encoded form of the username and password in the ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network...

7.5CVSS7.3AI score0.01424EPSS
Exploits0References7Affected Software1
osv
osv
added 2022/05/01 11:28 p.m.6 views

GHSA-4J3W-G62X-HRCP Plone Cross-site request forgery (CSRF)

Multiple cross-site request forgery CSRF vulnerabilities in Plone CMS before 3.1 allow remote attackers to 1 add arbitrary accounts via the joinform page and 2 change the privileges of arbitrary groups via the prefsgroupsoverview page...

8.7CVSS7AI score0.00642EPSS
Exploits1References11
osv
osv
added 2022/03/14 10:15 p.m.23 views

CVE-2022-24740 Improper Authentication in Volto

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...

5CVSS7.7AI score0.0058EPSS
Exploits0References4
openvas
openvas
added 2021/07/02 12:0 a.m.14 views

Plone CMS 5.0.0 <= 5.2.4 XSS Vulnerability

Plone CMS is prone to a cross-site scripting XSS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

5.4CVSS5.3AI score0.00536EPSS
Exploits0References2
Rows per page
Query Builder