EUVD-2014-0054

Malware in sbrugna...

Plone Cross-site scripting Vulnerability

Cross-site scripting XSS vulnerability in pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "u,translate."...

GHSA-79HJ-474H-V4XV Plone denial of service via RSS Feed Request

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service infinite loop via an RSS feed request for a folder the user does not have permission to access...

Plone Code Injection vulnerability

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject...

CVE-2012-5494

Cross-site scripting XSS vulnerability in pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "u,translate."...

PYSEC-2014-36

Cross-site scripting XSS vulnerability in pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "u,translate."...

Cross site scripting

Cross-site scripting XSS vulnerability in pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "u,translate."...

Design/Logic Flaw

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service memory consumption via a large value, related to formatColumns...

CVE-2012-5506

The CVE-2012-5506 entry affects Plone: python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) by issuing an RSS feed request for a folder the user does not have permission to access. Connected advisories corroborate the s...