Latest version: v6.1.1
CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
---|---|---|---|---|---|
CVE-2015-7315 | 35643 | Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6,… | | MEDIUM | 5.9 |
CVE-2015-7316 | 35644 | Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6… | | MEDIUM | 6.1 |
CVE-2013-7062 | 37753 | Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used … | | MEDIUM | 6.1 |
CVE-2015-7317 | 65850 | Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, … | | MEDIUM | 6.8 |
CVE-2016-7137 | 35685 | Plone 3.3.6, 4.3.11 and 5.0.6 include a fix for CVE-2016-7137: Multip… | | MEDIUM | 6.1 |
CVE-2016-7139 | 35687 | Plone 3.3.6, 4.3.11 and 5.0.6 include a fix for CVE-2016-7139: Cross-… | | MEDIUM | 6.1 |
CVE-2016-7140 | 35688 | Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page i… | | MEDIUM | 6.1 |
CVE-2016-7138 | 35686 | Cross-site scripting (XSS) vulnerability in the URL checking infrastr… | | MEDIUM | 6.1 |
CVE-2013-4189 | 35441 | Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4189: Multiple … | | MEDIUM | 6.5 |
CVE-2013-4192 | 35444 | Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4192: sendto.py… | | MEDIUM | 4.0 |
CVE-2013-4191 | 35443 | Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4191: zip.py in… | | MEDIUM | 5.8 |
CVE-2013-4197 | 35449 | Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4197: member_po… | | MEDIUM | 5.5 |
CVE-2013-4195 | 35447 | Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4195: Multiple … | | MEDIUM | 5.8 |
CVE-2013-4193 | 35445 | Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4193: typeswidg… | | MEDIUM | 4.3 |
CVE-2013-4188 | 35440 | Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4188: traverser… | | MEDIUM | 4.3 |
CVE-2013-4199 | 35451 | Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4195: (1) cb_de… | | LOW | 3.5 |
CVE-2013-4194 | 35446 | Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4194: The WYSIW… | | MEDIUM | 4.3 |
CVE-2013-4196 | 35448 | Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4196: The objec… | | MEDIUM | 5.0 |
CVE-2013-4190 | 35442 | Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtec… | | MEDIUM | 4.3 |
CVE-2013-4198 | 35450 | mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4… | | MEDIUM | 4.0 |
CVE-2013-4200 | 35452 | The isURLInPortal method in the URLTool class in in_portal.py in Plon… | | MEDIUM | 5.8 |
CVE-2017-1000484 | 35704 | By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an… | | MEDIUM | 6.1 |
CVE-2017-5524 | 35733 | Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers… | | MEDIUM | 4.3 |
PVE-2023-99914 | 62007 | There exists a vulnerability that could potentially lead to the unaut… | | - | - |
CVE-2021-33926 | 53375 | Plone 5.2.5 and 4.3.20 include a fix for CVE-2021-33926: By adding an… | | HIGH | 8.8 |
CVE-2016-7147 | 35689 | Plone 4.3.12 and 5.0.7 include a fix for CVE-2016-7147: Cross-site sc… | | MEDIUM | 6.1 |
CVE-2016-7135 | 35683 | Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and … | | MEDIUM | 4.9 |
CVE-2012-5504 | 35395 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5504: Cross-site scr… | | MEDIUM | 4.3 |
CVE-2012-5505 | 35396 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5505: atat.py in Plo… | | MEDIUM | 5.0 |
CVE-2012-5508 | 35398 | The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow rem… | | MEDIUM | 5.0 |
CVE-2012-5494 | 35387 | Cross-site scripting (XSS) vulnerability in python_scripts.py in Plon… | | MEDIUM | 4.3 |
CVE-2012-5488 | 35382 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5488: Python_scripts… | | MEDIUM | 5.0 |
CVE-2012-5506 | 35397 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5506: python_scripts… | | MEDIUM | 5.0 |
CVE-2012-5503 | 25999 | ftp.py in Plone before 4.2.3 and 4.3b1 allows remote attackers to rea… | | MEDIUM | 5.0 |
CVE-2012-5495 | 35388 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5495: python_scripts… | | MEDIUM | 5.0 |
CVE-2012-5497 | 35389 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5497: membership_too… | | MEDIUM | 5.0 |
CVE-2012-5485 | 35380 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5485: registerConfig… | | MEDIUM | 6.8 |
CVE-2012-5501 | 35393 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5501: at_download.py… | | MEDIUM | 5.0 |
CVE-2012-5493 | 35386 | gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote aut… | | HIGH | 8.5 |
CVE-2012-5499 | 35391 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5499: python_scripts… | | MEDIUM | 5.0 |
CVE-2012-5491 | 35384 | z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows… | | MEDIUM | 4.3 |
CVE-2012-5487 | 35381 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5487: The sandbox wh… | | HIGH | 8.5 |
CVE-2012-6661 | 42186 | Plone versions 4.2.3 and 4.3b1 include a fix for CVE-2012-6661, a vul… | | MEDIUM | 5.0 |
CVE-2012-5492 | 35385 | uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows rem… | | MEDIUM | 5.0 |
CVE-2012-5500 | 35392 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5500: The batch id c… | | MEDIUM | 4.3 |
CVE-2012-5502 | 35394 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5502: Cross-site scr… | | LOW | 3.5 |
CVE-2012-5498 | 35390 | Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5498: queryCatalog.p… | | MEDIUM | 5.0 |
CVE-2012-5490 | 35383 | Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone befo… | | MEDIUM | 4.3 |
CVE-2011-1950 | 25974 | Plone 4.2 and 4.0.6 include a fix for CVE-2011-1950: plone.app.users … | | MEDIUM | 5.5 |
CVE-2016-7136 | 35684 | z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows… | | MEDIUM | 6.1 |
CVE-2011-1948 | 25972 | Plone 4.0.7 and 4.1.1 include a fix for CVE-2011-1948: Cross-site scr… | | MEDIUM | 4.3 |
CVE-2011-2528 | 25965 | Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.… | | HIGH | 7.5 |
CVE-2011-1949 | 25997 | Plone 4.2 and 4.0.6 include a fix for CVE-2011-1949: Cross-site scrip… | | LOW | 3.5 |
CVE-2006-1711 | 61215 | Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1)… | | MEDIUM | 5.0 |
CVE-2024-0669 | 64455 | A Cross-Frame Scripting vulnerability has been found on Plone CMS aff… | | HIGH | 7.1 |
CVE-2021-3313 | 40528 | Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS)… | | MEDIUM | 5.4 |
CVE-2021-33513 | 40538 | Plone through 5.2.4 allows XSS via the inline_diff methods in Product… | | MEDIUM | 5.4 |
CVE-2021-33508 | 40533 | Plone through 5.2.4 allows XSS via a full name that is mishandled dur… | | MEDIUM | 5.4 |
CVE-2021-33509 | 40534 | Plone through 5.2.4 allows remote authenticated managers to perform d… | | CRITICAL | 9.9 |
CVE-2021-33512 | 40537 | Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by u… | | MEDIUM | 5.4 |
CVE-2021-33511 | 40536 | Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diaz… | | HIGH | 7.5 |
CVE-2021-33507 | 40821 | Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService … | | MEDIUM | 6.1 |
CVE-2021-33510 | 40535 | Plone through 5.2.4 allows remote authenticated managers to conduct S… | | MEDIUM | 4.3 |
CVE-2021-29002 | 40094 | Plone 5.2.3 is affected by CVE-2021-29002: A stored cross-site script… | | MEDIUM | 5.4 |
CVE-2020-28735 | 39377 | Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (on… | | HIGH | 8.8 |
CVE-2020-28736 | 39378 | Plone before 5.2.3 allows XXE attacks via a feature that is protected… | | HIGH | 8.8 |
CVE-2020-28734 | 39376 | Plone before 5.2.3 allows XXE attacks via a feature that is explicitl… | | HIGH | 8.8 |
PVE-2021-38990 | 38990 | Plone 5.2.2 contains Products.isurlinportal 1.1.0 with a minor securi… | | HIDDEN | X.Y |
CVE-2024-23756 | 65287 | The HTTP PUT and DELETE methods are enabled in the Plone official Doc… | | HIGH | 7.5 |
CVE-2024-23055 | 64641 | An issue in Plone Docker Official Image 5.2.13 (5221) open-source sof… | | MEDIUM | 6.1 |
CVE-2020-7938 | 37786 | plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certai… | | HIGH | 8.8 |
CVE-2016-4043 | 35668 | Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authe… | | MEDIUM | 4.9 |
PVE-2023-99915 | 62006 | Numerous cross-site request forgery vulnerabilities have been discove… | | - | - |
CVE-2020-7937 | 37785 | An XSS issue in the title field in Plone 5.0 through 5.2.1 allows use… | | MEDIUM | 5.4 |
CVE-2021-35959 | 40886 | In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the fold… | | MEDIUM | 5.4 |
PVE-2023-99927 | 61947 | Plone is exposed to risks associated with reflected cross-site script… | | - | - |
CVE-2011-3587 | 33144 | Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone… | | HIGH | 9.3 |
CVE-2011-4030 | 33145 | The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and … | | HIGH | 9.3 |
CVE-2020-7941 | 36898 | A privilege escalation issue in plone.app.contenttypes in Plone 4.3 t… | | CRITICAL | 9.8 |
CVE-2020-7940 | 37788 | Missing password strength checks on some forms in Plone 4.3 through 5… | | HIGH | 7.5 |
CVE-2020-35190 | 39305 | The official plone Docker images before version of 4.3.18-alpine (Alp… | | CRITICAL | 9.8 |
CVE-2015-7293 | 35642 | Plone 4.3.9 includes a fix for CVE-2015-7293: Multiple cross-site req… | | HIGH | 8.8 |
CVE-2012-5486 | 25996 | Plone 4.3 includes a fix for CVE-2012-5486: It was discovered that Pl… | | MEDIUM | 6.4 |
CVE-2011-4462 | 25973 | Plone 4.1.3 and earlier computes hash values for form parameters with… | | MEDIUM | 5.0 |
CVE-2020-7939 | 37787 | SQL Injection in DTML or in connection objects in Plone 4.0 through 5… | | HIGH | 8.8 |
CVE-2020-7936 | 37784 | An open redirect on the login form (and possibly other places) in Plo… | | MEDIUM | 6.1 |
CVE-2016-4041 | 35666 | Plone 4.0 through 5.1a1 does not have security declarations for Dexte… | | HIGH | 7.3 |
CVE-2012-5496 | 33143 | kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attacker… | | MEDIUM | 5.0 |
CVE-2016-4042 | 35667 | Plone 3.3 through 5.1a1 allows remote attackers to obtain information… | | MEDIUM | 5.3 |
CVE-2013-7061 | 35491 | Plone 4.3.3 includes a fix for CVE-2013-7061: Products/CMFPlone/Catal… | | MEDIUM | 5.5 |
CVE-2013-7060 | 35490 | Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows re… | | MEDIUM | 5.0 |
CVE-2010-2422 | 25967 | Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone… | | MEDIUM | 4.3 |
CVE-2015-7318 | 35646 | Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers i… | | HIGH | 7.5 |
CVE-2008-1396 | 67966 | Plone CMS 3.x uses invariant data (a client username and a server sec… | | MEDIUM | 4.3 |
CVE-2008-1395 | 67965 | Plone CMS does not record users' authentication states, and implement… | | HIGH | 7.5 |
CVE-2008-0164 | 67964 | Multiple cross-site request forgery (CSRF) vulnerabilities in Plone C… | | MEDIUM | 4.3 |
CVE-2008-1393 | 61312 | Plone CMS 3.0.5, and probably other 3.x versions, places a base64 enc… | | HIGH | 10.0 |
CVE-2008-4571 | 61260 | Cross-site scripting (XSS) vulnerability in the LiveSearch module in … | | MEDIUM | 4.3 |
CVE-2017-1000483 | 35703 | Accessing private content via str.format in through-the-web templates… | | MEDIUM | 6.5 |
CVE-2017-1000482 | 35702 | A member of the Plone 2.5-5.1rc1 site could set javascript in the hom… | | MEDIUM | 5.4 |
CVE-2017-1000481 | 35701 | When you visit a page where you need to login, Plone 2.5-5.1rc1 sends… | | MEDIUM | 6.1 |
CVE-2011-0720 | 33142 | Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga,… | | HIGH | 7.5 |
CVE-2006-4249 | 61217 | Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when an… | | MEDIUM | 4.3 |
CVE-2006-4247 | 61216 | Unspecified vulnerability in the Password Reset Tool before 0.4.1 on … | | MEDIUM | 6.4 |
CVE-2011-1340 | 25966 | Cross-site scripting (XSS) vulnerability in skins/plone_templates/def… | | MEDIUM | 4.3 |
CVE-2008-1394 | 65830 | Plone CMS before 3 places a base64 encoded form of the username and p… | | HIGH | 7.5 |