Vulnerabilities > Plone
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-06-30 | CVE-2021-35959 | Cross-site Scripting vulnerability in Plone | In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. | 5.4 |
2021-05-21 | CVE-2021-33507 | Cross-site Scripting vulnerability in multiple products | Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. | 6.1 |
2021-05-21 | CVE-2021-33508 | Cross-site Scripting vulnerability in Plone | Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. | 5.4 |
2021-05-21 | CVE-2021-33509 | Incorrect Permission Assignment for Critical Resource vulnerability in Plone | Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | 9.9 |
2021-05-21 | CVE-2021-33510 | Server-Side Request Forgery (SSRF) vulnerability in Plone | Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. | 4.3 |
2021-05-21 | CVE-2021-33511 | Server-Side Request Forgery (SSRF) vulnerability in Plone | Plone through 5.2.4 allows SSRF via the lxml parser. | 7.5 |
2021-05-21 | CVE-2021-33512 | Cross-site Scripting vulnerability in Plone | Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document. | 5.4 |
2021-05-21 | CVE-2021-33513 | Cross-site Scripting vulnerability in Plone | Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool. | 5.4 |
2021-05-21 | CVE-2021-32633 | Path Traversal vulnerability in multiple products | Zope is an open-source web application server. | 8.8 |
2021-05-20 | CVE-2021-3313 | Cross-site Scripting vulnerability in Plone | Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. | 5.4 |