Vulnerabilities > Plone > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-23756 | Unspecified vulnerability in Plone 5.2.13. The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them. | 7.5 |
| 2024-01-18 | CVE-2024-0669 | Unspecified vulnerability in Plone. A Cross-Frame Scripting vulnerability has been found in Plone CMS affecting versions below 6.0.5. | 7.1 |
| 2023-09-21 | CVE-2023-42457 | Allocation of Resources Without Limits or Throttling vulnerability in Plone Rest 2.0.0/3.0.0. plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. | 7.5 |
| 2023-02-17 | CVE-2021-33926 | Server-Side Request Forgery (SSRF) vulnerability in Plone. An issue in Plone CMS v. | 8.8 |
| 2022-03-14 | CVE-2022-24740 | Improper Authentication vulnerability in Plone Volto. Volto is a ReactJS-based frontend for the Plone Content Management System. | 7.5 |
| 2021-05-21 | CVE-2021-33511 | Server-Side Request Forgery (SSRF) vulnerability in Plone. Plone through 5.2.4 allows SSRF via the lxml parser. | 7.5 |
| 2021-05-21 | CVE-2021-32633 | Path Traversal vulnerability in multiple products. Zope is an open-source web application server. | 8.8 |
| 2020-12-30 | CVE-2020-28736 | XXE vulnerability in Plone. Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | 8.8 |
| 2020-12-30 | CVE-2020-28735 | Server-Side Request Forgery (SSRF) vulnerability in Plone. Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | 8.8 |
| 2020-12-30 | CVE-2020-28734 | XXE vulnerability in Plone. Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | 8.8 |