Vulnerabilities > Plone > Plone > 4.3.12
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-03 | CVE-2017-1000484 | Open Redirect vulnerability in Plone: By linking to a specific URL in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. | 5.8 |
2018-01-03 | CVE-2017-1000483 | Unspecified vulnerability in Plone: Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. | 4.0 |
2018-01-03 | CVE-2017-1000482 | Cross-site Scripting vulnerability in Plone: A member of the Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page. | 3.5 |
2018-01-03 | CVE-2017-1000481 | Open Redirect vulnerability in Plone: When you visit a page where you need to log in, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous URL. | 5.8 |
2017-09-25 | CVE-2015-7293 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | 6.8 |