Vulnerabilities > Plone
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2022-03-14 | CVE-2022-24740 | Improper Authentication vulnerability in Plone Volto 14.0.0/15.0.0 | Volto is a ReactJS-based frontend for the Plone Content Management System. | 6.0 |
| 2022-01-28 | CVE-2022-23599 | Cross-site Scripting vulnerability in Plone | Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. | 2.6 |
| 2021-08-02 | CVE-2021-32806 | Open Redirect vulnerability in Plone Isurlinportal 1.0.0/1.1.0/1.1.1 | Products.isurlinportal is a replacement for the isURLInPortal method in Plone. | 5.8 |
| 2021-06-30 | CVE-2021-35959 | Cross-site Scripting vulnerability in Plone | In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. | 3.5 |
| 2021-05-21 | CVE-2021-33507 | Cross-site Scripting vulnerability in multiple products | Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. | 4.3 |
| 2021-05-21 | CVE-2021-33508 | Cross-site Scripting vulnerability in Plone | Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. | 3.5 |
| 2021-05-21 | CVE-2021-33509 | Incorrect Permission Assignment for Critical Resource vulnerability in Plone | Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | 8.5 |
| 2021-05-21 | CVE-2021-33510 | Server-Side Request Forgery (SSRF) vulnerability in Plone | Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. | 4.0 |
| 2021-05-21 | CVE-2021-33511 | Server-Side Request Forgery (SSRF) vulnerability in Plone | Plone through 5.2.4 allows SSRF via the lxml parser. | 5.0 |
| 2021-05-21 | CVE-2021-33512 | Cross-site Scripting vulnerability in Plone | Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document. | 3.5 |