Vulnerabilities > Plone > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-03-11 | CVE-2013-4199 | Improper Input Validation vulnerability in Plone (1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed). | 3.5 |
| 2011-06-06 | CVE-2011-1949 | Cross-Site Scripting vulnerability in Plone Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422. | 3.5 |