Vulnerabilities > Plone > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-23756 | Unspecified vulnerability in Plone 5.2.13 The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them. | 7.5 |
| 2024-01-18 | CVE-2024-0669 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Plone A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. | 7.1 |
| 2023-09-21 | CVE-2023-42457 | Allocation of Resources Without Limits or Throttling vulnerability in Plone Rest 2.0.0/3.0.0 plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. | 7.5 |
| 2023-02-17 | CVE-2021-33926 | Server-Side Request Forgery (SSRF) vulnerability in Plone An issue in Plone CMS v. | 8.8 |
| 2021-05-21 | CVE-2021-33509 | Incorrect Permission Assignment for Critical Resource vulnerability in Plone Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | 8.5 |
| 2020-01-23 | CVE-2020-7941 | Improper Privilege Management vulnerability in Plone A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | 7.5 |
| 2017-02-24 | CVE-2016-4041 | Permissions, Privileges, and Access Controls vulnerability in Plone Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. | 7.5 |
| 2014-09-30 | CVE-2012-5493 | Code Injection vulnerability in Plone gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. | 8.5 |
| 2014-09-30 | CVE-2012-5487 | Permissions, Privileges, and Access Controls vulnerability in Plone The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. | 8.5 |
| 2011-07-19 | CVE-2011-2528 | Remote Security vulnerability in Zope Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720. | 7.5 |