Lucene search
K

8 matches found

BDU FSTEC
BDU FSTEC
added 2023/10/30 12:0 a.m.5 views

The vulnerability of the software for the RESTful API used to manage content in Plone CMS (plone.rest) involves an uncontrolled resource consumption, which allows a hacker to cause a service failure.

The vulnerability of the software for the RESTful API used to manage content in Plone CMS plone.rest is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8CVSS7.2AI score0.00822EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2023/02/17 12:0 a.m.4 views

Plone 代码问题漏洞

Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone CMS that stems from a vulnerability that allows an attacker to access sensitive information via an RSS feed protlet, the following products and versions are affecte...

8.8CVSS7.8AI score0.01005EPSS
Exploits1References3
CNVD
CNVD
added 2022/03/15 12:0 a.m.15 views

Volto licensing issue vulnerability

Volto is a ReactJS-based front-end for the Plone content management system. Volto is vulnerable to an authentication vulnerability that could be exploited by attackers to replace its authentication cookies with authentication cookies from other users, effectively giving them control over other...

7.5CVSS5.3AI score0.00566EPSS
Exploits0References1
Prion
Prion
added 2022/03/14 11:15 p.m.13 views

Authentication flaw

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...

6CVSS7.6AI score0.00566EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/03/14 10:15 p.m.100 views

CVE-2022-24740

Volto (the Plone React frontend) versions 14.0.0-alpha.5 through 15.0.0-alpha.0 are vulnerable to authentication cookie replacement under high server load due to an outdated react-cookie library. This could allow an attacker to gain the other user’s account privileges. A proof of concept does not...

7.5CVSS6.3AI score0.00566EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/06/30 12:0 a.m.5 views

Plone 跨站脚本漏洞

Plone is an open source content management system CMS built on the Zope application server. Plone suffers from a cross-site scripting vulnerability in versions 5.0 through 5.2.4 that stems from the fact that if a contributor creates a folder with a SCRIPT tag in the description field, the editor ...

5.4CVSS5.4AI score0.00536EPSS
Exploits0References2
PyPA
PyPA
added 2017/03/07 4:59 p.m.9 views

PYSEC-2017-60

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to 1...

6.1CVSS7.1AI score0.01657EPSS
Exploits2References8Affected Software1
Saint
Saint
added 2012/01/13 12:0 a.m.45 views

Plone Zope SAXutils Command Execution

Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...

9.3CVSS7AI score0.78546EPSS
Exploits15
Rows per page
Query Builder