Vulnerabilities > Plone > Plone > 5.2.3

DATE CVE VULNERABILITY TITLE RISK
2021-05-21 CVE-2021-32633 Path Traversal vulnerability in multiple products
Zope is an open-source web application server.
network
low complexity
plone zope CWE-22
6.5
6.5
2021-05-20 CVE-2021-3313 Cross-site Scripting vulnerability in Plone
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality.
network
plone CWE-79
3.5
3.5
2021-03-24 CVE-2021-29002 Cross-site Scripting vulnerability in Plone 5.2.3
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
network
plone CWE-79
3.5
3.5
2021-03-08 CVE-2021-21336 Information Exposure vulnerability in multiple products
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework.
network
low complexity
zope plone CWE-200
4.0
4.0