Vulnerabilities > Plone > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-20 | CVE-2021-3313 | Cross-site Scripting vulnerability in Plone. Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. | 5.4 |
2021-03-24 | CVE-2021-29002 | Cross-site Scripting vulnerability in Plone 5.2.3. A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter. | 5.4 |
2021-03-08 | CVE-2021-21336 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. | 6.5 |
2020-01-23 | CVE-2020-7937 | Cross-site Scripting vulnerability in Plone. An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. | 5.4 |
2020-01-23 | CVE-2020-7936 | Open Redirect vulnerability in Plone. An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. | 6.1 |
2020-01-02 | CVE-2013-7062 | Cross-site Scripting vulnerability in Plone. Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. | 6.1 |
2018-01-03 | CVE-2017-1000484 | Open Redirect vulnerability in Plone. By linking to a specific URL in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. | 6.1 |
2018-01-03 | CVE-2017-1000483 | Unspecified vulnerability in Plone. Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. | 6.5 |
2018-01-03 | CVE-2017-1000482 | Cross-site Scripting vulnerability in Plone. A member of the Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page. | 5.4 |
2018-01-03 | CVE-2017-1000481 | Open Redirect vulnerability in Plone. When you visit a page where you need to log in, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous URL. | 6.1 |