Vulnerabilities > Plone > Plone > 5.0.7

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2020-7936 Open Redirect vulnerability in Plone
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
network
plone CWE-601
5.8
2018-01-03 CVE-2017-1000484 Open Redirect vulnerability in Plone
By linking to a specific URL in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website.
network
plone CWE-601
5.8
2018-01-03 CVE-2017-1000483 Unspecified vulnerability in Plone
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1.
network
low complexity
plone
4.0
2018-01-03 CVE-2017-1000482 Cross-site Scripting vulnerability in Plone
A member of the Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page.
network
plone CWE-79
3.5
2018-01-03 CVE-2017-1000481 Open Redirect vulnerability in Plone
When you visit a page where you need to log in, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous URL.
network
plone CWE-601
5.8