Plone Plone 3.3.1

60 matches found

added 2014/03/11 7:37 p.m., 37 views

CVE-2013-4196

The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.

CVSS 5, AI score 6.2, EPSS 0.00319

added 2014/03/11 7:37 p.m., 37 views

CVE-2013-4198

mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.

CVSS 4, AI score 6.6, EPSS 0.00305

added 2014/09/30 2:55 p.m., 36 views

CVE-2012-5493

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.

CVSS 8.5, AI score 7.2, EPSS 0.00492

added 2014/03/11 7:37 p.m., 35 views

CVE-2013-4199

(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).

CVSS 3.5, AI score 6.4, EPSS 0.0048

added 2017/09/25 5:29 p.m., 35 views

CVE-2015-7318

Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.

CVSS 7.5, AI score 7.5, EPSS 0.00431

added 2014/09/30 2:55 p.m., 34 views

CVE-2012-5501

at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.

CVSS 5, AI score 6.4, EPSS 0.00319

added 2014/03/11 7:37 p.m., 34 views

CVE-2013-4194

The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.

CVSS 4.3, AI score 6.2, EPSS 0.00319

added 2014/05/02 2:55 p.m., 33 views

CVE-2013-7060

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.

CVSS 5, AI score 6.6, EPSS 0.00283

added 2014/05/02 2:55 p.m., 33 views

CVE-2013-7061

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.

CVSS 5.5, AI score 6.5, EPSS 0.00259

added 2014/09/30 2:55 p.m., 32 views

CVE-2012-5490

Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 4.3, AI score 5.7, EPSS 0.00285

Total number of security vulnerabilities: 60