2 matches found
CVE-2024-23054
Summary: CVE-2024-23054 affects the Plone Docker Official Image 5.2.13 (5221) where a package listed in ++plone++static/components is not present in the public npm index, enabling remote code execution. Affected software: Plone Docker Official Image 5.2.13 (5221). Root cause: Missing package in t...
CVE-2024-23055
Plone Docker Official Image 5.2.13 (5221) is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. The Nuclei template describes this issue as enabling Cross-Site Scripting when a malicious Host header is reflected in the response, with the broader impact no...