78 matches found
PYSEC-2026-735 Improper Restriction of XML External Entity Reference in Plone
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata therefore, only available to the Manager role...
CVE-2026-28413
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...
CVE-2026-28413
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...
CVE-2026-28413 Products.isurlinportal: Possible open redirect when using more than 2 forward slashes
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...
Plone Python Library Multiple Vulnerabilities (20230921)
The detected version of Plone python package, plone, is prior to version 5.2.14 or 6.x prior to 6.0.7. It is, therefore, affected by the following the vulnerabilities: - Multiple stored cross site scripting vulnerabilities exits when handling SVG images. An authenticated, remote attacker can...
CVE-2021-33512
Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
EUVD-2017-0087
Malware in sbrugna...
EUVD-2014-0057
Malware in sbrugna...
EUVD-2011-0022
Malware in sbrugna...
EUVD-2014-0066
Malware in sbrugna...
EUVD-2014-0073
Malware in sbrugna...
EUVD-2014-0061
Malware in sbrugna...
EUVD-2011-0018
Malware in sbrugna...
EUVD-2014-0048
Malware in sbrugna...
EUVD-2014-0079
Malware in sbrugna...
EUVD-2014-0058
Malware in sbrugna...
EUVD-2014-0070
Malware in sbrugna...
EUVD-2014-0055
Malware in sbrugna...
EUVD-2007-0002
Malware in sbrugna...