| CVE-2015-7293 | high | 8.8 | 9.8 | | | | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. |
| CVE-2011-4030 | critical | — | 9.3 | | | | 15y ago | Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable |
| CVE-2012-5493 | high | — | 8.5 | | | | 4y ago | gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. |
| CVE-2012-5487 | high | — | 8.5 | | | | 12y ago | The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and e… |
| CVE-2011-0720 | high | — | 7.5 | | | | 4y ago | Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and… |
| CVE-2015-7318 | high | 7.5 | 7.5 | | | | 9y ago | Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. |
| CVE-2011-2528 | high | — | 7.5 | | | | 15y ago | Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privi… |
| CVE-2016-4041 | high | 7.3 | 7.3 | | | | 9y ago | Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. |
| CVE-2012-5502 | low | — | 3.5 | | | | 12y ago | Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script … |
| CVE-2013-4199 | low | — | 3.5 | | | | 12y ago | (1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) v… |
| CVE-2011-1949 | low | — | 3.5 | | | | 15y ago | Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via uns… |