3 matches found
GHSA-8W54-22W9-3G8F Cross-site Scripting and Open Redirect in Products.CMFPlone
Impact: Plone is vulnerable to reflected cross-site scripting and open redirect when an attacker can get a compromised version of the imageviewfullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link...
Update — Hacker Claims to Have Hacked the FBI, But It Wasn't
Update: A hacker yesterday claimed to have hacked the FBI's website running on Plone CMS, but it seems it wasn't hacked using any zero-day vulnerability in Plone. We contacted the Plone security team and updated this story (see below) with official statements. A hacker, using Twitter handle CyberZeist,...
Zope Management Interface 4.3.7 - CSRF Vulnerabilities
Exploit for php platform in category web applications. Product: Zope Management Interface 4.3.7. Zope is a Python-based application server for building secure and highly scalable web applications. Plone is a Content Management System built on top of the open source...