Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Plone Subscribe
Total 108 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4188 1 Plone 1 Plone 2014-03-11 4.3 MEDIUM N/A
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."
CVE-2011-4030 1 Plone 2 Cmfeditions, Plone 2011-10-29 9.3 HIGH N/A
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
CVE-2011-3587 2 Plone, Zope 2 Plone, Zope 2011-10-20 9.3 HIGH N/A
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
CVE-2011-1340 1 Plone 1 Plone 2011-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
CVE-2011-2528 2 Plone, Zope 3 Plone, Plone Hotfix 20110720, Zope 2011-07-24 7.5 HIGH N/A
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
CVE-2010-2422 1 Plone 1 Plone 2010-06-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.
CVE-2008-4571 1 Plone 1 Plone 2008-11-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.
CVE-2006-4247 1 Plone 1 Plone 2008-09-05 6.4 MEDIUM N/A
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."