Vulnerabilities > Plone > Plone > 3.3.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-30 | CVE-2020-28736 | XXE vulnerability in Plone Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | 6.5 |
2020-12-30 | CVE-2020-28735 | Server-Side Request Forgery (SSRF) vulnerability in Plone Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | 6.5 |
2020-12-30 | CVE-2020-28734 | XXE vulnerability in Plone Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | 6.5 |
2020-01-02 | CVE-2013-7062 | Cross-site Scripting vulnerability in Plone Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. | 4.3 |
2018-01-03 | CVE-2017-1000484 | Open Redirect vulnerability in Plone By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. | 5.8 |
2018-01-03 | CVE-2017-1000483 | Unspecified vulnerability in Plone Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. | 4.0 |
2018-01-03 | CVE-2017-1000482 | Cross-site Scripting vulnerability in Plone A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page. | 3.5 |
2018-01-03 | CVE-2017-1000481 | Open Redirect vulnerability in Plone When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. | 5.8 |
2017-09-25 | CVE-2015-7293 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | 6.8 |
2017-09-25 | CVE-2015-7318 | Improper Input Validation vulnerability in Plone Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. | 5.0 |