Vulnerabilities > Plone > Plone
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-23756 | Unspecified vulnerability in Plone 5.2.13 The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them. | 7.5 |
| 2024-01-18 | CVE-2024-0669 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Plone A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. | 7.1 |
| 2023-02-17 | CVE-2021-33926 | Server-Side Request Forgery (SSRF) vulnerability in Plone An issue in Plone CMS v. | 8.8 |
| 2022-01-28 | CVE-2022-23599 | Open Redirect vulnerability in Plone Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. | 6.1 |
| 2021-06-30 | CVE-2021-35959 | Cross-site Scripting vulnerability in Plone In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. | 3.5 |
| 2021-05-21 | CVE-2021-33507 | Cross-site Scripting vulnerability in multiple products Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. | 4.3 |
| 2021-05-21 | CVE-2021-33508 | Cross-site Scripting vulnerability in Plone Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. | 3.5 |
| 2021-05-21 | CVE-2021-33509 | Incorrect Permission Assignment for Critical Resource vulnerability in Plone Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | 8.5 |
| 2021-05-21 | CVE-2021-33510 | Server-Side Request Forgery (SSRF) vulnerability in Plone Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. | 4.0 |
| 2021-05-21 | CVE-2021-33511 | Server-Side Request Forgery (SSRF) vulnerability in Plone Plone though 5.2.4 allows SSRF via the lxml parser. | 5.0 |