Vulnerabilities > Plone

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2024-23756 Unspecified vulnerability in Plone 5.2.13
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.
network
low complexity
plone
7.5
2024-02-05 CVE-2024-23054 Uncontrolled Search Path Element vulnerability in Plone Docker Official Image 5.2.13
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software could allow for remote code execution because a package listed in ++plone++static/components does not exist in the public package index (npm).
network
low complexity
plone CWE-427
critical
9.8
2024-01-25 CVE-2024-23055 Unspecified vulnerability in Plone Docker Official Image 5.2.13
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
network
low complexity
plone
6.1
2024-01-18 CVE-2024-0669 Improper Restriction of Rendered UI Layers or Frames vulnerability in Plone
A Cross-Frame Scripting vulnerability has been found in Plone CMS, affecting versions below 6.0.5.
network
low complexity
plone CWE-1021
7.1
2023-09-21 CVE-2023-41048 Cross-site Scripting vulnerability in Plone Namedfile 6.2.0
plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content.
network
low complexity
plone CWE-79
5.4
2023-09-21 CVE-2023-42457 Allocation of Resources Without Limits or Throttling vulnerability in Plone Rest 2.0.0/3.0.0
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc.
network
low complexity
plone CWE-770
7.5
2023-02-17 CVE-2021-33926 Server-Side Request Forgery (SSRF) vulnerability in Plone
An issue in Plone CMS v.
network
low complexity
plone CWE-918
8.8
2022-03-14 CVE-2022-24740 Improper Authentication vulnerability in Plone Volto 14.0.0/15.0.0
Volto is a ReactJS-based frontend for the Plone Content Management System.
network
plone CWE-287
6.0
2022-01-28 CVE-2022-23599 Open Redirect vulnerability in Plone
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3.
network
low complexity
plone CWE-601
6.1
2021-08-02 CVE-2021-32806 Open Redirect vulnerability in Plone Isurlinportal 1.0.0/1.1.0/1.1.1
Products.isurlinportal is a replacement for isURLInPortal method in Plone.
network
plone CWE-601
5.8