Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: plone Clear
ID Title
CVE-2024-23054 Vulnerability in plone (CVE-2024-23054)
vulnerability in plone (CVE-2024-23054). Successful exploitation can lead to full system takeover.
CVE-2024-23055 Vulnerability in plone (CVE-2024-23055)
vulnerability in plone (CVE-2024-23055). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
CVE-2015-7293 Cross-Site Request Forgery (CSRF) in plone (CVE-2015-7293)
vulnerability in plone (CVE-2015-7293). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.0a1` or later.
CVE-2015-7318 Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
CVE-2015-7317 Vulnerability in kupu-project (CVE-2015-7317)
vulnerability in kupu-project (CVE-2015-7317). Confidential information can be exposed externally.
CVE-2015-7316 Cross-Site Scripting (XSS) in plone (CVE-2015-7316)
cross-site scripting in plone (CVE-2015-7316). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3da710a2cd68587f0bf34f2e7ea1167d6eeee087, 4.0a1, 4.1a1, 4.2a1, 4.3a1, 4.3.7, 5.0rc2` or later.
CVE-2015-7315 Vulnerability in plone (CVE-2015-7315)
vulnerability in plone (CVE-2015-7315). Data can be tampered with by attackers. Mitigation: upgrade to `e1d981bfa14b664317285f0f36498f4be4a23406, 4.0a1, 4.1a1, 4.2a1, 4.3a1, 4.3.7, 5.0rc2` or later.
CVE-2017-5524 Vulnerability in plone (CVE-2017-5524)
vulnerability in plone (CVE-2017-5524). Risk of unauthorized operations or information disclosure.
CVE-2016-7140 Cross-Site Scripting (XSS) in plone (CVE-2016-7140)
cross-site scripting in plone (CVE-2016-7140). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.7, 4.3.12, 4.0a1` or later.
CVE-2016-7139 Cross-Site Scripting (XSS) in plone (CVE-2016-7139)
cross-site scripting in plone (CVE-2016-7139). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.7, 4.3.12, 4.0a1` or later.
CVE-2016-7138 Cross-Site Scripting (XSS) in plone (CVE-2016-7138)
cross-site scripting in plone (CVE-2016-7138). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.7, 4.3.12, 4.0a1` or later.
CVE-2016-7137 Open Redirect in plone (CVE-2016-7137)
vulnerability in plone (CVE-2016-7137). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.7, 4.3.12, 4.0a1` or later.
CVE-2016-7136 Cross-Site Scripting (XSS) in plone (CVE-2016-7136)
cross-site scripting in plone (CVE-2016-7136). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.7, 4.3.12` or later.
CVE-2016-7135 Path Traversal in plone (CVE-2016-7135)
path traversal in plone (CVE-2016-7135). Confidential information can be exposed externally. Mitigation: upgrade to `5.0.7, 4.3.12` or later.
CVE-2016-4043 Vulnerability in plone (CVE-2016-4043)
vulnerability in plone (CVE-2016-4043). Data can be tampered with by attackers. Mitigation: upgrade to `5.1a2` or later.
CVE-2016-4042 Information Disclosure in plone (CVE-2016-4042)
vulnerability in plone (CVE-2016-4042). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.1a2` or later.
CVE-2016-4041 Vulnerability in plone (CVE-2016-4041)
vulnerability in plone (CVE-2016-4041). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.1a2` or later.
CVE-2016-7147 Cross-Site Scripting (XSS) in plone (CVE-2016-7147)
cross-site scripting in plone (CVE-2016-7147). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.3.12, 5.0.7` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →