Vulnerabilities > Plone > Plone > 5.1.6

DATE CVE VULNERABILITY TITLE RISK
2024-01-18 CVE-2024-0669 Improper Restriction of Rendered UI Layers or Frames vulnerability in Plone
A Cross-Frame Scripting vulnerability has been found in Plone CMS, affecting versions below 6.0.5.
network
low complexity
plone CWE-1021
7.1
2023-02-17 CVE-2021-33926 Server-Side Request Forgery (SSRF) vulnerability in Plone
An issue in Plone CMS v.
network
low complexity
plone CWE-918
8.8
2021-06-30 CVE-2021-35959 Cross-site Scripting vulnerability in Plone
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
network
plone CWE-79
3.5
2021-05-21 CVE-2021-33507 Cross-site Scripting vulnerability in multiple products
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
network
plone zope CWE-79
4.3
2021-05-21 CVE-2021-33508 Cross-site Scripting vulnerability in Plone
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
network
plone CWE-79
3.5
2021-05-21 CVE-2021-33509 Incorrect Permission Assignment for Critical Resource vulnerability in Plone
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
network
plone CWE-732
8.5
2021-05-21 CVE-2021-33510 Server-Side Request Forgery (SSRF) vulnerability in Plone
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
network
low complexity
plone CWE-918
4.0
2021-05-21 CVE-2021-33511 Server-Side Request Forgery (SSRF) vulnerability in Plone
Plone through 5.2.4 allows SSRF via the lxml parser.
network
low complexity
plone CWE-918
5.0
2021-05-21 CVE-2021-33512 Cross-site Scripting vulnerability in Plone
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
network
plone CWE-79
3.5
2021-05-21 CVE-2021-33513 Cross-site Scripting vulnerability in Plone
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
network
plone CWE-79
3.5