Plone

103 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 1.07%
  • Published 10.10.2011 10:55:06
  • Last modified 11.04.2025 00:51:21

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulner...

Exploit
  • EPSS 0.29%
  • Published 05.08.2011 21:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.

  • EPSS 0.59%
  • Published 19.07.2011 20:55:01
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly...

  • EPSS 0.53%
  • Published 06.06.2011 19:55:02
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • EPSS 0.37%
  • Published 06.06.2011 19:55:02
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CV...

  • EPSS 0.76%
  • Published 06.06.2011 19:55:02
  • Last modified 11.04.2025 00:51:21

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

  • EPSS 1.41%
  • Published 03.02.2011 17:00:03
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

  • EPSS 0.47%
  • Published 24.06.2010 12:17:44
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.

Exploit
  • EPSS 0.36%
  • Published 15.10.2008 20:00:03
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in ...

  • EPSS 3.39%
  • Published 07.11.2007 21:46:00
  • Last modified 09.04.2025 00:30:58

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.