Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2024-23054 |
|
Vulnerability in plone (CVE-2024-23054)
vulnerability in plone (CVE-2024-23054). Successful exploitation can lead to full system takeover.
|
| CVE-2024-23055 |
|
Vulnerability in plone (CVE-2024-23055)
vulnerability in plone (CVE-2024-23055). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
|
| CVE-2015-7293 |
|
Cross-Site Request Forgery (CSRF) in plone (CVE-2015-7293)
vulnerability in plone (CVE-2015-7293). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.0a1` or later.
|
| CVE-2015-7318 |
|
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
|
| CVE-2015-7317 |
|
Vulnerability in kupu-project (CVE-2015-7317)
vulnerability in kupu-project (CVE-2015-7317). Confidential information can be exposed externally.
|
| CVE-2015-7316 |
|
Cross-Site Scripting (XSS) in plone (CVE-2015-7316)
cross-site scripting in plone (CVE-2015-7316). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3da710a2cd68587f0bf34f2e7ea1167d6eeee087, 4.0a1, 4.1a1, 4.2a1, 4.3a1, 4.3.7, 5.0rc2` or later.
|
| CVE-2015-7315 |
|
Vulnerability in plone (CVE-2015-7315)
vulnerability in plone (CVE-2015-7315). Data can be tampered with by attackers. Mitigation: upgrade to `e1d981bfa14b664317285f0f36498f4be4a23406, 4.0a1, 4.1a1, 4.2a1, 4.3a1, 4.3.7, 5.0rc2` or later.
|
| CVE-2017-5524 |
|
Vulnerability in plone (CVE-2017-5524)
vulnerability in plone (CVE-2017-5524). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-7140 |
|
Cross-Site Scripting (XSS) in plone (CVE-2016-7140)
cross-site scripting in plone (CVE-2016-7140). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.7, 4.3.12, 4.0a1` or later.
|
| CVE-2016-7139 |
|
Cross-Site Scripting (XSS) in plone (CVE-2016-7139)
cross-site scripting in plone (CVE-2016-7139). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.7, 4.3.12, 4.0a1` or later.
|
| CVE-2016-7138 |
|
Cross-Site Scripting (XSS) in plone (CVE-2016-7138)
cross-site scripting in plone (CVE-2016-7138). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.7, 4.3.12, 4.0a1` or later.
|
| CVE-2016-7137 |
|
Open Redirect in plone (CVE-2016-7137)
vulnerability in plone (CVE-2016-7137). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.7, 4.3.12, 4.0a1` or later.
|
| CVE-2016-7136 |
|
Cross-Site Scripting (XSS) in plone (CVE-2016-7136)
cross-site scripting in plone (CVE-2016-7136). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.7, 4.3.12` or later.
|
| CVE-2016-7135 |
|
Path Traversal in plone (CVE-2016-7135)
path traversal in plone (CVE-2016-7135). Confidential information can be exposed externally. Mitigation: upgrade to `5.0.7, 4.3.12` or later.
|
| CVE-2016-4043 |
|
Vulnerability in plone (CVE-2016-4043)
vulnerability in plone (CVE-2016-4043). Data can be tampered with by attackers. Mitigation: upgrade to `5.1a2` or later.
|
| CVE-2016-4042 |
|
Information Disclosure in plone (CVE-2016-4042)
vulnerability in plone (CVE-2016-4042). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.1a2` or later.
|
| CVE-2016-4041 |
|
Vulnerability in plone (CVE-2016-4041)
vulnerability in plone (CVE-2016-4041). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.1a2` or later.
|
| CVE-2016-7147 |
|
Cross-Site Scripting (XSS) in plone (CVE-2016-7147)
cross-site scripting in plone (CVE-2016-7147). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.3.12, 5.0.7` or later.
|