Vulnerabilities > Plone > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-30 | CVE-2021-35959 | Cross-site Scripting vulnerability in Plone: In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. | 3.5 |
2021-05-21 | CVE-2021-33513 | Cross-site Scripting vulnerability in Plone: Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool. | 3.5 |
2021-05-21 | CVE-2021-33512 | Cross-site Scripting vulnerability in Plone: Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document. | 3.5 |
2021-05-21 | CVE-2021-33508 | Cross-site Scripting vulnerability in Plone: Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. | 3.5 |
2021-05-20 | CVE-2021-3313 | Cross-site Scripting vulnerability in Plone: Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. | 3.5 |
2021-03-24 | CVE-2021-29002 | Cross-site Scripting vulnerability in Plone 5.2.3: A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter. | 3.5 |
2020-01-23 | CVE-2020-7937 | Cross-site Scripting vulnerability in Plone: An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. | 3.5 |
2018-01-03 | CVE-2017-1000482 | Cross-site Scripting vulnerability in Plone: A member of the Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page. | 3.5 |
2017-02-24 | CVE-2016-4043 | Permissions, Privileges, and Access Controls vulnerability in Plone: Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. | 3.5 |
2014-09-30 | CVE-2012-5502 | Cross-Site Scripting vulnerability in Plone: Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |