Vulnerabilities > Plone
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-24 | CVE-2021-29002 | Cross-site Scripting vulnerability in Plone 5.2.3 A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter. | 3.5 |
| 2021-03-08 | CVE-2021-21336 | Information Exposure vulnerability in multiple products Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. | 4.0 |
| 2020-12-30 | CVE-2020-28736 | XXE vulnerability in Plone Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | 6.5 |
| 2020-12-30 | CVE-2020-28735 | Server-Side Request Forgery (SSRF) vulnerability in Plone Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | 6.5 |
| 2020-12-30 | CVE-2020-28734 | XXE vulnerability in Plone Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | 6.5 |
| 2020-12-17 | CVE-2020-35190 | Missing Authentication for Critical Function vulnerability in Plone The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. | 10.0 |
| 2020-01-23 | CVE-2020-7941 | Improper Privilege Management vulnerability in Plone A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | 7.5 |
| 2020-01-23 | CVE-2020-7940 | Weak Password Requirements vulnerability in Plone Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. | 5.0 |
| 2020-01-23 | CVE-2020-7939 | SQL Injection vulnerability in Plone SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. | 6.5 |
| 2020-01-23 | CVE-2020-7938 | Improper Privilege Management vulnerability in Plone 5.2.0/5.2.1 plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. | 6.5 |