Plone

Plone

103 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2011-4030

  • EPSS 1.07%
  • Published 10.10.2011 10:55:06
  • Last modified 11.04.2025 00:51:21

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulner...

4.3

CVE-2011-1340

Exploit
  • EPSS 0.29%
  • Published 05.08.2011 21:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.

7.5

CVE-2011-2528

  • EPSS 0.59%
  • Published 19.07.2011 20:55:01
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly...

4.3

CVE-2011-1948

  • EPSS 0.53%
  • Published 06.06.2011 19:55:02
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

3.5

CVE-2011-1949

  • EPSS 0.37%
  • Published 06.06.2011 19:55:02
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CV...

5.5

CVE-2011-1950

  • EPSS 0.76%
  • Published 06.06.2011 19:55:02
  • Last modified 11.04.2025 00:51:21

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

7.5

CVE-2011-0720

  • EPSS 1.41%
  • Published 03.02.2011 17:00:03
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

4.3

CVE-2010-2422

  • EPSS 0.47%
  • Published 24.06.2010 12:17:44
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.

4.3

CVE-2008-4571

Exploit
  • EPSS 0.36%
  • Published 15.10.2008 20:00:03
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in ...

7.5

CVE-2007-5741

  • EPSS 3.39%
  • Published 07.11.2007 21:46:00
  • Last modified 09.04.2025 00:30:58

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.