8 matches found
The vulnerability of the software for the RESTful API used to manage content in Plone CMS (plone.rest) involves an uncontrolled resource consumption, which allows a hacker to cause a service failure.
The vulnerability of the software for the RESTful API used to manage content in Plone CMS plone.rest is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Plone 代码问题漏洞
Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone CMS that stems from a vulnerability that allows an attacker to access sensitive information via an RSS feed protlet, the following products and versions are affecte...
Volto licensing issue vulnerability
Volto is a ReactJS-based front-end for the Plone content management system. Volto is vulnerable to an authentication vulnerability that could be exploited by attackers to replace its authentication cookies with authentication cookies from other users, effectively giving them control over other...
Authentication flaw
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...
CVE-2022-24740
Volto (the Plone React frontend) versions 14.0.0-alpha.5 through 15.0.0-alpha.0 are vulnerable to authentication cookie replacement under high server load due to an outdated react-cookie library. This could allow an attacker to gain the other user’s account privileges. A proof of concept does not...
Plone 跨站脚本漏洞
Plone is an open source content management system CMS built on the Zope application server. Plone suffers from a cross-site scripting vulnerability in versions 5.0 through 5.2.4 that stems from the fact that if a contributor creates a folder with a SCRIPT tag in the description field, the editor ...
PYSEC-2017-60
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to 1...
Plone Zope SAXutils Command Execution
Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...