Vulnerabilities > Plone > Plone > 4.3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-08 | CVE-2021-21336 | Information Exposure vulnerability in multiple products Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. | 4.0 |
2020-12-30 | CVE-2020-28736 | XXE vulnerability in Plone Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | 6.5 |
2020-12-30 | CVE-2020-28735 | Server-Side Request Forgery (SSRF) vulnerability in Plone Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | 6.5 |
2020-12-30 | CVE-2020-28734 | XXE vulnerability in Plone Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | 6.5 |
2020-12-17 | CVE-2020-35190 | Missing Authentication for Critical Function vulnerability in Plone The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. | 10.0 |
2020-01-23 | CVE-2020-7941 | Improper Privilege Management vulnerability in Plone A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | 7.5 |
2020-01-23 | CVE-2020-7940 | Weak Password Requirements vulnerability in Plone Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. | 5.0 |
2020-01-23 | CVE-2020-7939 | SQL Injection vulnerability in Plone SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. | 6.5 |
2020-01-23 | CVE-2020-7936 | Open Redirect vulnerability in Plone An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. | 5.8 |
2020-01-02 | CVE-2013-7062 | Cross-site Scripting vulnerability in Plone Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. | 4.3 |