Vulnerabilities related to plone - plone
cve-2012-5491
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/07 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/07" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/07" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5491", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-7317
Vulnerability from cvelistv5
Published
2017-09-25 17:00
Modified
2024-08-06 07:43
Summary
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu | x_refsource_CONFIRM | |
https://plone.org/security/hotfix/20150910 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1264799 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2015/09/22/15 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:43:46.225Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20150910" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264799" }, { "name": "[oss-security] 20150922 Re: CVE Request: Plone Privilege Escalation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-25T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20150910" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264799" }, { "name": "[oss-security] 20150922 Re: CVE Request: Plone Privilege Escalation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/15" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7317", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu" }, { "name": "https://plone.org/security/hotfix/20150910", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20150910" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264799", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264799" }, { "name": "[oss-security] 20150922 Re: CVE Request: Plone Privilege Escalation", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/22/15" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7317", "datePublished": "2017-09-25T17:00:00", "dateReserved": "2015-09-22T00:00:00", "dateUpdated": "2024-08-06T07:43:46.225Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1000483
Vulnerability from cvelistv5
Published
2018-01-03 18:00
Modified
2024-09-17 04:15
Summary
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20171128/sandbox-escape | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:00:41.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20171128/sandbox-escape" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2017-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-03T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20171128/sandbox-escape" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-12-29", "ID": "CVE-2017-1000483", "REQUESTER": "security@plone.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20171128/sandbox-escape", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20171128/sandbox-escape" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000483", "datePublished": "2018-01-03T18:00:00Z", "dateReserved": "2018-01-03T00:00:00Z", "dateUpdated": "2024-09-17T04:15:16.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6661
Vulnerability from cvelistv5
Published
2014-11-03 22:00
Modified
2024-09-16 23:22
Summary
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
https://bugs.launchpad.net/zope2/+bug/1071067 | x_refsource_CONFIRM | |
https://plone.org/products/plone/security/advisories/20121106/24 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121124 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:36:02.018Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/24" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-03T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/24" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6661", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", "refsource": "CONFIRM", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "https://bugs.launchpad.net/zope2/+bug/1071067", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "name": "https://plone.org/products/plone/security/advisories/20121106/24", "refsource": "CONFIRM", "url": "https://plone.org/products/plone/security/advisories/20121106/24" }, { "name": "https://plone.org/products/plone-hotfix/releases/20121124", "refsource": "CONFIRM", "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6661", "datePublished": "2014-11-03T22:00:00Z", "dateReserved": "2014-11-03T00:00:00Z", "dateUpdated": "2024-09-16T23:22:11.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7940
Vulnerability from cvelistv5
Published
2020-01-23 20:38
Modified
2024-08-04 09:48
Summary
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20200121 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2020/01/22/1 | x_refsource_MISC | |
https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2020/01/24/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:24.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T18:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7940", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20200121", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121" }, { "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "name": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7940", "datePublished": "2020-01-23T20:38:26", "dateReserved": "2020-01-23T00:00:00", "dateUpdated": "2024-08-04T09:48:24.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4041
Vulnerability from cvelistv5
Published
2017-02-24 20:00
Modified
2024-08-06 00:17
Summary
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2016/04/20/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:30.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav" }, { "name": "[oss-security] 20160419 Re: CVE Request: Privilege escalation in webdav - Plone", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-24T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav" }, { "name": "[oss-security] 20160419 Re: CVE Request: Privilege escalation in webdav - Plone", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": 
"eng", "value": "Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav" }, { "name": "[oss-security] 20160419 Re: CVE Request: Privilege escalation in webdav - Plone", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4041", "datePublished": "2017-02-24T20:00:00", "dateReserved": "2016-04-19T00:00:00", "dateUpdated": "2024-08-06T00:17:30.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5500
Vulnerability from cvelistv5
Published
2014-11-03 22:00
Modified
2024-08-06 21:05
Summary
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/16 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-1194.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/16" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-03T21:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/16" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5500", "datePublished": "2014-11-03T22:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7061
Vulnerability from cvelistv5
Published
2014-05-02 14:00
Modified
2024-08-06 17:53
Summary
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/20131210/catalogue-exposure | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/12/12/3 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2013/12/10/15 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:46.062Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/20131210/catalogue-exposure" }, { "name": "[oss-security] 20131211 Re: CVE request for Plone", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "name": "[oss-security] 20131210 CVE request for Plone", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-05-02T11:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/20131210/catalogue-exposure" }, { "name": "[oss-security] 20131211 Re: CVE request for Plone", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "name": "[oss-security] 20131210 CVE request for Plone", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7061", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/20131210/catalogue-exposure", "refsource": "CONFIRM", "url": "https://plone.org/security/20131210/catalogue-exposure" }, { "name": "[oss-security] 20131211 Re: CVE request for Plone", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "name": "[oss-security] 20131210 CVE request for Plone", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7061", "datePublished": "2014-05-02T14:00:00", "dateReserved": "2013-12-11T00:00:00", "dateUpdated": "2024-08-06T17:53:46.062Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-22889
Vulnerability from cvelistv5
Published
2024-03-05 00:00
Modified
2024-10-31 14:01
Summary
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website by sending a crafted request.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-22889", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-07T16:30:42.925082Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T14:01:29.053Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:51:11.133Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T23:38:16.539158", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-22889", "datePublished": "2024-03-05T00:00:00", "dateReserved": "2024-01-11T00:00:00", "dateUpdated": "2024-10-31T14:01:29.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4188
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."
References
▼ | URL | Tags |
---|---|---|
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=978449 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:02.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978449" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to \"retrieving information for certain resources.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, 
{ "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978449" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4188", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:02.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4196
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=978475 | x_refsource_CONFIRM | |
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:02.174Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978475" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978475" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4196", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:02.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4043
Vulnerability from cvelistv5
Published
2017-02-24 20:00
Modified
2024-08-06 00:17
Summary
Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/04/20/3 | mailing-list, x_refsource_MLIST | |
https://plone.org/security/hotfix/20160419/bypass-restricted-python | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:30.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20160419 Re: CVE Request: Bypass Restricted Python - Plone", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-24T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20160419 Re: CVE Request: Bypass Restricted Python - Plone", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4043", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Chameleon (five.pt) in 
Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20160419 Re: CVE Request: Bypass Restricted Python - Plone", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3" }, { "name": "https://plone.org/security/hotfix/20160419/bypass-restricted-python", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4043", "datePublished": "2017-02-24T20:00:00", "dateReserved": "2016-04-19T00:00:00", "dateUpdated": "2024-08-06T00:17:30.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1000484
Vulnerability from cvelistv5
Published
2018-01-03 20:00
Modified
2024-09-16 19:52
Summary
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:00:41.653Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2017-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don\u0027t want to make it too easy for attackers by spelling it out here.)" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-03T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-12-29", "ID": "CVE-2017-1000484", "REQUESTER": "security@plone.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": 
{ "description_data": [ { "lang": "eng", "value": "By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don\u0027t want to make it too easy for attackers by spelling it out here.)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000484", "datePublished": "2018-01-03T20:00:00Z", "dateReserved": "2018-01-03T00:00:00Z", "dateUpdated": "2024-09-16T19:52:21.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41048
Vulnerability from cvelistv5
Published
2023-09-21 14:31
Modified
2025-02-13 17:08
Summary
plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
plone | plone.namedfile |
Version: < 5.6.1 Version: >= 6.0.0, < 6.0.3 Version: >= 6.1.0, < 6.1.3 Version: >= 6.2.0, < 6.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.749Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x" }, { "name": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167" }, { "name": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a" }, { "name": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9" }, { "name": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60" }, { "name": "https://github.com/plone/Products.PloneHotfix20210518", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/Products.PloneHotfix20210518" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41048", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T14:29:03.914839Z", "version": 
"2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T14:50:58.919Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "plone.namedfile", "vendor": "plone", "versions": [ { "status": "affected", "version": "\u003c 5.6.1" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.3" }, { "status": "affected", "version": "\u003e= 6.1.0, \u003c 6.1.3" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.1" } ] } ], "descriptions": [ { "lang": "en", "value": "plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-22T14:06:17.651Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x" }, { "name": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167" }, { "name": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a" }, { "name": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9" }, { "name": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60", "tags": [ "x_refsource_MISC" 
], "url": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60" }, { "name": "https://github.com/plone/Products.PloneHotfix20210518", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/plone/Products.PloneHotfix20210518" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/2" } ], "source": { "advisory": "GHSA-jj7c-jrv4-c65x", "discovery": "UNKNOWN" }, "title": "plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-41048", "datePublished": "2023-09-21T14:31:07.171Z", "dateReserved": "2023-08-22T16:57:23.933Z", "dateUpdated": "2025-02-13T17:08:47.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5490
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
https://plone.org/products/plone/security/advisories/20121106/06 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.224Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/06" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/06" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5490", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5488
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/04 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-1194.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-10-06T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5488", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5506
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
https://plone.org/products/plone/security/advisories/20121106/22 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/22" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5506", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5496
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
https://plone.org/products/plone/security/advisories/20121106/12 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/12" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/12" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5496", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4195
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=978471 | x_refsource_CONFIRM | |
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4195", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4199
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=978482 | x_refsource_CONFIRM | |
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.526Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4199", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.526Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7140
Vulnerability from cvelistv5
Published
2017-03-07 16:00
Modified
2024-08-06 01:50
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2016/Oct/80 | mailing-list, x_refsource_FULLDISC | |
http://www.openwall.com/lists/oss-security/2016/09/05/4 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2016/09/05/5 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/archive/1/539572/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/92752 | vdb-entry, x_refsource_BID | |
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92752" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92752" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7140", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 
allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92752" }, { "name": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7140", "datePublished": "2017-03-07T16:00:00", "dateReserved": "2016-09-05T00:00:00", "dateUpdated": "2024-08-06T01:50:47.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1711
Vulnerability from cvelistv5
Published
2006-04-11 18:00
Modified
2024-08-07 17:19
Summary
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
References
▼ | URL | Tags |
---|---|---|
http://dev.plone.org/plone/ticket/5432 | x_refsource_MISC | |
http://secunia.com/advisories/19633 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/17484 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2006/dsa-1032 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/19640 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2006/1340 | vdb-entry, x_refsource_VUPEN | |
https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25781 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:49.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://dev.plone.org/plone/ticket/5432" }, { "name": "19633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19633" }, { "name": "17484", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17484" }, { "name": "DSA-1032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1032" }, { "name": "19640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19640" }, { "name": "ADV-2006-1340", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1340" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt" }, { "name": "plone-memberid-data-manipulation(25781)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25781" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://dev.plone.org/plone/ticket/5432" }, { "name": "19633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19633" }, { "name": "17484", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17484" }, { "name": "DSA-1032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1032" }, { "name": "19640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19640" }, { "name": "ADV-2006-1340", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1340" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt" }, { "name": "plone-memberid-data-manipulation(25781)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25781" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1711", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://dev.plone.org/plone/ticket/5432", "refsource": "MISC", "url": "http://dev.plone.org/plone/ticket/5432" }, { "name": "19633", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19633" }, { "name": "17484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17484" }, { "name": "DSA-1032", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1032" }, { "name": "19640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19640" }, { "name": "ADV-2006-1340", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1340" }, { "name": "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt", "refsource": "CONFIRM", "url": "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt" }, { "name": "plone-memberid-data-manipulation(25781)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25781" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1711", "datePublished": "2006-04-11T18:00:00", "dateReserved": "2006-04-11T00:00:00", "dateUpdated": "2024-08-07T17:19:49.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2528
Vulnerability from cvelistv5
Published
2011-07-19 20:00
Modified
2024-08-06 23:08
Summary
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/45056 | third-party-advisory, x_refsource_SECUNIA | |
http://plone.org/products/plone/security/advisories/20110622 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=718824 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2011/07/12/9 | mailing-list, x_refsource_MLIST | |
https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html | mailing-list, x_refsource_MLIST | |
http://plone.org/products/plone-hotfix/releases/20110622 | x_refsource_CONFIRM | |
http://secunia.com/advisories/45111 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2011/07/04/6 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:21.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20110622" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718824" }, { "name": "[oss-security] 20110712 Re: CVE request: plone privilege escalation flaw", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/12/9" }, { "name": "[zone-announce] 20110628 Security Hotfix 20110622 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20110622" }, { "name": "45111", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45111" }, { "name": "[oss-security] 20110704 CVE request: plone privilege escalation flaw", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/04/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a \"highly serious vulnerability.\" NOTE: this vulnerability 
exists because of an incorrect fix for CVE-2011-0720." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-07-19T20:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "45056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20110622" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718824" }, { "name": "[oss-security] 20110712 Re: CVE request: plone privilege escalation flaw", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/12/9" }, { "name": "[zone-announce] 20110628 Security Hotfix 20110622 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20110622" }, { "name": "45111", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45111" }, { "name": "[oss-security] 20110704 CVE request: plone privilege escalation flaw", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/04/6" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2528", "datePublished": "2011-07-19T20:00:00Z", "dateReserved": "2011-06-15T00:00:00Z", "dateUpdated": "2024-08-06T23:08:21.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5741
Vulnerability from cvelistv5
Published
2007-11-07 21:00
Modified
2024-08-07 15:39
Summary
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/38288 | vdb-entry, x_refsource_XF | |
http://osvdb.org/42071 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/26354 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/27559 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/27530 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/483343/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2007/dsa-1405 | vendor-advisory, x_refsource_DEBIAN | |
http://www.vupen.com/english/advisories/2007/3754 | vdb-entry, x_refsource_VUPEN | |
http://plone.org/about/security/advisories/cve-2007-5741 | x_refsource_CONFIRM | |
http://osvdb.org/42072 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:39:13.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "plone-pythoncode-execution(38288)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288" }, { "name": "42071", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/42071" }, { "name": "26354", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26354" }, { "name": "27559", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27559" }, { "name": "27530", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27530" }, { "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded" }, { "name": "DSA-1405", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1405" }, { "name": "ADV-2007-3754", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3754" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/about/security/advisories/cve-2007-5741" }, { "name": "42072", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/42072" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to 
execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "plone-pythoncode-execution(38288)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288" }, { "name": "42071", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/42071" }, { "name": "26354", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26354" }, { "name": "27559", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27559" }, { "name": "27530", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27530" }, { "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded" }, { "name": "DSA-1405", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1405" }, { "name": "ADV-2007-3754", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3754" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/about/security/advisories/cve-2007-5741" }, { "name": "42072", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/42072" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5741", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": 
[ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "plone-pythoncode-execution(38288)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288" }, { "name": "42071", "refsource": "OSVDB", "url": "http://osvdb.org/42071" }, { "name": "26354", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26354" }, { "name": "27559", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27559" }, { "name": "27530", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27530" }, { "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded" }, { "name": "DSA-1405", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1405" }, { "name": "ADV-2007-3754", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3754" }, { "name": "http://plone.org/about/security/advisories/cve-2007-5741", "refsource": "CONFIRM", "url": "http://plone.org/about/security/advisories/cve-2007-5741" }, { "name": "42072", "refsource": "OSVDB", "url": "http://osvdb.org/42072" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5741", "datePublished": "2007-11-07T21:00:00", "dateReserved": "2007-10-31T00:00:00", "dateUpdated": "2024-08-07T15:39:13.671Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4462
Vulnerability from cvelistv5
Published
2011-12-30 01:00
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
References
▼ | URL | Tags |
---|---|---|
http://www.nruns.com/_downloads/advisory28122011.pdf | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/72018 | vdb-entry, x_refsource_XF | |
http://www.kb.cert.org/vuls/id/903934 | third-party-advisory, x_refsource_CERT-VN | |
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/47406 | third-party-advisory, x_refsource_SECUNIA | |
http://www.ocert.org/advisories/ocert-2011-003.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "name": "plone-hash-dos(72018)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72018" }, { "name": "VU#903934", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "name": "47406", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47406" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2011-003.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "name": "plone-hash-dos(72018)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72018" }, { "name": "VU#903934", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "name": "47406", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47406" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2011-003.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4462", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.nruns.com/_downloads/advisory28122011.pdf", "refsource": "MISC", "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "name": "plone-hash-dos(72018)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72018" }, { "name": "VU#903934", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/903934" }, { "name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "name": "47406", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47406" }, { "name": "http://www.ocert.org/advisories/ocert-2011-003.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2011-003.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4462", "datePublished": "2011-12-30T01:00:00", "dateReserved": "2011-11-17T00:00:00", "dateUpdated": "2024-08-07T00:09:18.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33513
Vulnerability from cvelistv5
Published
2021-05-21 21:31
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/05/22/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:50:42.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T17:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33513", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33513", "datePublished": "2021-05-21T21:31:55", "dateReserved": "2021-05-21T00:00:00", "dateUpdated": "2024-08-03T23:50:42.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1000482
Vulnerability from cvelistv5
Published
2018-01-03 18:00
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of their profile, and have this executed when a visitor clicks the home page link on the author page.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:00:41.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2017-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-03T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-12-29", "ID": "CVE-2017-1000482", "REQUESTER": "security@plone.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000482", "datePublished": "2018-01-03T18:00:00Z", "dateReserved": "2018-01-03T00:00:00Z", "dateUpdated": "2024-09-16T23:16:28.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23756
Vulnerability from cvelistv5
Published
2024-02-08 00:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:13:07.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-08T20:21:39.476178", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-23756", "datePublished": "2024-02-08T00:00:00", "dateReserved": "2024-01-22T00:00:00", "dateUpdated": "2024-08-01T23:13:07.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5505
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Severity ?
EPSS score ?
Summary
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/21 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/21" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/21" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5505", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7936
Vulnerability from cvelistv5
Published
2020-01-23 20:39
Modified
2024-08-04 09:48
Severity ?
EPSS score ?
Summary
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places | x_refsource_MISC | |
https://plone.org/security/hotfix/20200121 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2020/01/22/1 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2020/01/24/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:23.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker\u0027s site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T18:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places" }, { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7936", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker\u0027s site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places" }, { "name": "https://plone.org/security/hotfix/20200121", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121" }, { "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7936", "datePublished": "2020-01-23T20:39:12", "dateReserved": "2020-01-23T00:00:00", "dateUpdated": "2024-08-04T09:48:23.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-7318
Vulnerability from cvelistv5
Published
2017-09-25 17:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20150910 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1264796 | x_refsource_CONFIRM | |
https://plone.org/security/hotfix/20150910/header-injection | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2015/09/22/16 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:43:46.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20150910" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264796" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20150910/header-injection" }, { "name": "[oss-security] 20150922 Re: CVE Request: Plone header injection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-25T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20150910" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264796" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20150910/header-injection" }, { "name": "[oss-security] 20150922 Re: CVE Request: Plone header injection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7318", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20150910", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20150910" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264796", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264796" }, { "name": "https://plone.org/security/hotfix/20150910/header-injection", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20150910/header-injection" }, { "name": "[oss-security] 20150922 Re: CVE Request: Plone header injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/22/16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7318", "datePublished": "2017-09-25T17:00:00", "dateReserved": "2015-09-22T00:00:00", "dateUpdated": "2024-08-06T07:43:46.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0669
Vulnerability from cvelistv5
Published
2024-01-18 12:26
Modified
2024-08-01 18:11
Severity ?
EPSS score ?
Summary
A Cross-Frame Scripting vulnerability has been found in Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:11:35.710Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Plone CMS", "vendor": "Plone CMS", "versions": [ { "status": "affected", "version": "6.0.5" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Miguel Segovia Gil" } ], "datePublic": "2024-01-18T12:06:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element." } ], "value": "A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element." 
} ], "impacts": [ { "capecId": "CAPEC-222", "descriptions": [ { "lang": "en", "value": "CAPEC-222 iFrame Overlay" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-18T12:26:25.162Z", "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE" }, "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The manufacturer has fixed the vulnerability in version 6.0.7." } ], "value": "The manufacturer has fixed the vulnerability in version 6.0.7." } ], "source": { "discovery": "EXTERNAL" }, "title": "Cross-Frame Scripting (XFS) on Plone CMS", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "assignerShortName": "INCIBE", "cveId": "CVE-2024-0669", "datePublished": "2024-01-18T12:26:14.723Z", "dateReserved": "2024-01-18T08:26:22.410Z", "dateUpdated": "2024-08-01T18:11:35.710Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4200
Vulnerability from cvelistv5
Published
2014-01-21 16:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2013/08/01/2 | mailing-list, x_refsource_MLIST | |
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/530787/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/08/01/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200" }, { "name": "20140116 CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the \"next\" parameter to acl_users/credentials_cookie_auth/require_login." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/08/01/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200" }, { "name": "20140116 CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4200", "datePublished": "2014-01-21T16:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2422
Vulnerability from cvelistv5
Published
2010-06-23 17:13
Modified
2024-09-17 00:56
Summary
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/40270 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/40999 | vdb-entry, x_refsource_BID | |
http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:32:16.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40270", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40270" }, { "name": "40999", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40999" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-06-23T17:13:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "40270", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40270" }, { "name": "40999", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40999" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "40270", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40270" }, { "name": "40999", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40999" }, { "name": "http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html", "refsource": "CONFIRM", "url": "http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2422", "datePublished": "2010-06-23T17:13:00Z", "dateReserved": "2010-06-22T00:00:00Z", "dateUpdated": "2024-09-17T00:56:50.837Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5524
Vulnerability from cvelistv5
Published
2017-03-23 16:00
Modified
2024-08-05 15:04
Summary
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20170117/sandbox-escape | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95679 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2017/01/18/6 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:04:15.030Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20170117/sandbox-escape" }, { "name": "95679", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95679" }, { "name": "[oss-security] 20170118 Re: CVE Request: Plone Sandbox escape vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/18/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-23T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20170117/sandbox-escape" }, { "name": "95679", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95679" }, { "name": "[oss-security] 20170118 Re: CVE Request: Plone Sandbox escape vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/18/6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5524", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20170117/sandbox-escape", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20170117/sandbox-escape" }, { "name": "95679", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95679" }, { "name": "[oss-security] 20170118 Re: CVE Request: Plone Sandbox escape vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/18/6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5524", "datePublished": "2017-03-23T16:00:00", "dateReserved": "2017-01-18T00:00:00", "dateUpdated": "2024-08-05T15:04:15.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5507
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
https://bugs.launchpad.net/zope2/+bug/1071067 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
https://plone.org/products/plone/security/advisories/20121106/23 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/23" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5507", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28735
Vulnerability from cvelistv5
Published
2020-12-30 18:38
Modified
2024-08-04 16:40
Summary
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
References
▼ | URL | Tags |
---|---|---|
https://www.misakikata.com/codes/plone/python-en.html | x_refsource_MISC | |
https://github.com/plone/Products.CMFPlone/issues/3209 | x_refsource_MISC | |
https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:40:59.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-30T18:38:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.misakikata.com/codes/plone/python-en.html", "refsource": "MISC", "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "name": "https://github.com/plone/Products.CMFPlone/issues/3209", "refsource": "MISC", "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "name": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt", "refsource": "CONFIRM", "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28735", "datePublished": "2020-12-30T18:38:01", "dateReserved": "2020-11-16T00:00:00", "dateUpdated": "2024-08-04T16:40:59.952Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-7316
Vulnerability from cvelistv5
Published
2017-09-25 17:00
Modified
2024-08-06 07:43
Summary
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2015/09/22/14 | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=1264788 | x_refsource_CONFIRM | |
https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087 | x_refsource_MISC | |
https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:43:46.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20150922 Re: CVE Request: Plone XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/14" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-25T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20150922 Re: CVE Request: Plone XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/14" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7316", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20150922 Re: CVE Request: Plone XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/22/14" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788" }, { "name": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087", "refsource": "MISC", "url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087" }, { "name": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7316", "datePublished": "2017-09-25T17:00:00", "dateReserved": "2015-09-22T00:00:00", "dateUpdated": "2024-08-06T07:43:46.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28734
Vulnerability from cvelistv5
Published
2020-12-30 18:35
Modified
2024-08-04 16:40
Summary
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
References
▼ | URL | Tags |
---|---|---|
https://www.misakikata.com/codes/plone/python-en.html | x_refsource_MISC | |
https://github.com/plone/Products.CMFPlone/issues/3209 | x_refsource_MISC | |
https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:40:59.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-30T18:35:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.misakikata.com/codes/plone/python-en.html", "refsource": "MISC", "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "name": "https://github.com/plone/Products.CMFPlone/issues/3209", "refsource": "MISC", "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "name": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt", "refsource": "CONFIRM", "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28734", "datePublished": "2020-12-30T18:35:17", "dateReserved": "2020-11-16T00:00:00", "dateUpdated": "2024-08-04T16:40:59.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4042
Vulnerability from cvelistv5
Published
2017-02-24 20:00
Modified
2024-08-06 00:17
Summary
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/04/20/2 | mailing-list, x_refsource_MLIST | |
https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:30.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20160419 Re: CVE Request: Unauthorized disclosure of site content - Plone", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-24T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20160419 Re: CVE Request: Unauthorized disclosure of site content - Plone", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4042", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20160419 Re: CVE Request: Unauthorized disclosure of site content - Plone", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/2" }, { "name": "https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4042", "datePublished": "2017-02-24T20:00:00", "dateReserved": "2016-04-19T00:00:00", "dateUpdated": "2024-08-06T00:17:30.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1340
Vulnerability from cvelistv5
Published
2011-08-05 21:00
Modified
2024-09-16 23:40
Summary
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
References
▼ | URL | Tags |
---|---|---|
http://dev.plone.org/plone/ticket/6110 | x_refsource_CONFIRM | |
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056 | third-party-advisory, x_refsource_JVNDB | |
http://jvn.jp/en/jp/JVN41222793/index.html | third-party-advisory, x_refsource_JVN | |
http://dev.plone.org/plone/changeset/12262 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:21:34.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.plone.org/plone/ticket/6110" }, { "name": "JVNDB-2011-000056", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056" }, { "name": "JVN#41222793", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN41222793/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.plone.org/plone/changeset/12262" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-08-05T21:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.plone.org/plone/ticket/6110" }, { "name": "JVNDB-2011-000056", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056" }, { "name": "JVN#41222793", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN41222793/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.plone.org/plone/changeset/12262" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-1340", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://dev.plone.org/plone/ticket/6110", "refsource": "CONFIRM", "url": "http://dev.plone.org/plone/ticket/6110" }, { "name": "JVNDB-2011-000056", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056" }, { "name": "JVN#41222793", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN41222793/index.html" }, { "name": "http://dev.plone.org/plone/changeset/12262", "refsource": "CONFIRM", "url": "http://dev.plone.org/plone/changeset/12262" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2011-1340", "datePublished": "2011-08-05T21:00:00Z", "dateReserved": "2011-03-09T00:00:00Z", "dateUpdated": "2024-09-16T23:40:36.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7939
Vulnerability from cvelistv5
Published
2020-01-23 20:38
Modified
2024-08-04 09:48
Summary
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20200121 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2020/01/22/1 | x_refsource_MISC | |
https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2020/01/24/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:24.448Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. 
(This is a problem in Zope.)" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T18:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7939", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. 
(This is a problem in Zope.)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20200121", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121" }, { "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "name": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7939", "datePublished": "2020-01-23T20:38:34", "dateReserved": "2020-01-23T00:00:00", "dateUpdated": "2024-08-04T09:48:24.448Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28736
Vulnerability from cvelistv5
Published
2020-12-30 18:40
Modified
2024-08-04 16:40
Summary
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
References
▼ | URL | Tags |
---|---|---|
https://www.misakikata.com/codes/plone/python-en.html | x_refsource_MISC | |
https://github.com/plone/Products.CMFPlone/issues/3209 | x_refsource_MISC | |
https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:40:59.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-30T18:40:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone before 5.2.3 allows XXE attacks via a feature that is 
protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.misakikata.com/codes/plone/python-en.html", "refsource": "MISC", "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "name": "https://github.com/plone/Products.CMFPlone/issues/3209", "refsource": "MISC", "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "name": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt", "refsource": "CONFIRM", "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28736", "datePublished": "2020-12-30T18:40:52", "dateReserved": "2020-11-16T00:00:00", "dateUpdated": "2024-08-04T16:40:59.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-7315
Vulnerability from cvelistv5
Published
2017-09-25 17:00
Modified
2024-08-06 07:43
Summary
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment by the site administrator.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1264791 | x_refsource_CONFIRM | |
https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2015/09/22/13 | mailing-list, x_refsource_MLIST | |
https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:43:46.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406" }, { "name": "[oss-security] 20150922 Re: CVE Request: Plone Unauthorized user creation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-25T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406" }, { "name": "[oss-security] 20150922 Re: CVE Request: Plone Unauthorized user creation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7315", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791" }, { "name": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406", "refsource": "CONFIRM", "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406" }, { "name": "[oss-security] 20150922 Re: CVE Request: Plone Unauthorized user creation", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13" }, { "name": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7315", "datePublished": "2017-09-25T17:00:00", "dateReserved": "2015-09-22T00:00:00", "dateUpdated": "2024-08-06T07:43:46.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4191
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.
References
▼ | URL | Tags |
---|---|---|
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=978453 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978453" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978453" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4191", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5487
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/03 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/03" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/03" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5487", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5494
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/10 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to \"{u,}translate.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://plone.org/products/plone/security/advisories/20121106/10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5494", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4190
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=978451 | x_refsource_CONFIRM | |
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978451" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978451" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4190", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7937
Vulnerability from cvelistv5
Published
2020-01-23 20:38
Modified
2024-08-04 09:48
Summary
An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20200121 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2020/01/22/1 | x_refsource_MISC | |
https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2020/01/24/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:23.881Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T18:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7937", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20200121", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121" }, { "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "name": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7937", "datePublished": "2020-01-23T20:38:51", "dateReserved": "2020-01-23T00:00:00", "dateUpdated": "2024-08-04T09:48:23.881Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4193
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=978469 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978469" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978469" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4193", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4194
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=978470 | x_refsource_CONFIRM | |
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:02.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4194", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:02.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33510
Vulnerability from cvelistv5
Published
2021-05-21 21:32
Modified
2024-08-03 23:50
Summary
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/05/22/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:50:42.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T17:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33510", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an 
event ical URL, to read one line of a file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33510", "datePublished": "2021-05-21T21:32:39", "dateReserved": "2021-05-21T00:00:00", "dateUpdated": "2024-08-03T23:50:42.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4197
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=978478 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.422Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978478" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4197", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-7293
Vulnerability from cvelistv5
Published
2017-09-25 21:00
Modified
2024-08-06 07:43
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html | x_refsource_MISC | |
https://www.exploit-db.com/exploits/38411/ | exploit, x_refsource_EXPLOIT-DB | |
https://plone.org/security/hotfix/20151006 | x_refsource_CONFIRM | |
https://pypi.python.org/pypi/plone4.csrffixes | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:43:46.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html" }, { "name": "38411", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/38411/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20151006" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://pypi.python.org/pypi/plone4.csrffixes" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-25T20:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html" }, { "name": "38411", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/38411/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20151006" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://pypi.python.org/pypi/plone4.csrffixes" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2015-7293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html" }, { "name": "38411", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38411/" }, { "name": "https://plone.org/security/hotfix/20151006", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20151006" }, { "name": "https://pypi.python.org/pypi/plone4.csrffixes", "refsource": "CONFIRM", "url": "https://pypi.python.org/pypi/plone4.csrffixes" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-7293", "datePublished": "2017-09-25T21:00:00", "dateReserved": "2015-09-18T00:00:00", "dateUpdated": "2024-08-06T07:43:46.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33926
Vulnerability from cvelistv5
Published
2023-02-17 00:00
Modified
2025-03-19 14:13
Summary
An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1, 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows an attacker to access sensitive information via the RSS feed portlet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:51.742Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518" }, { "tags": [ "x_transferred" ], "url": "https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf" }, { "tags": [ "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-33926", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-19T14:12:55.386751Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-19T14:13:01.636Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue in Plone CMS v. 
5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-17T00:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://plone.org/security/hotfix/20210518" }, { "url": "https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf" }, { "url": "https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33926", "datePublished": "2023-02-17T00:00:00.000Z", "dateReserved": "2021-06-07T00:00:00.000Z", "dateUpdated": "2025-03-19T14:13:01.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32633
Vulnerability from cvelistv5
Published
2021-05-21 13:55
Modified
2024-08-03 23:25
Summary
Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.
References
▼ | URL | Tags |
---|---|---|
https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 | x_refsource_CONFIRM | |
https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/05/21/1 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2021/05/22/1 | mailing-list, x_refsource_MLIST | |
https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/ | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
zopefoundation | Zope |
Version: < 4.6 Version: >= 5.0, < 5.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:30.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91" }, { "name": "[oss-security] 20210521 Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Zope", "vendor": "zopefoundation", "versions": [ { "status": "affected", "version": "\u003c 4.6" }, { "status": "affected", "version": "\u003e= 5.0, \u003c 5.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. 
Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-29T11:47:33", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91" }, { "name": "[oss-security] 20210521 Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/" } ], "source": { "advisory": "GHSA-5pr9-v234-jw36", "discovery": "UNKNOWN" }, "title": "Remote Code Execution via traversal in TAL expressions", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32633", "STATE": "PUBLIC", "TITLE": "Remote Code Execution via traversal in TAL 
expressions" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Zope", "version": { "version_data": [ { "version_value": "\u003c 4.6" }, { "version_value": "\u003e= 5.0, \u003c 5.2" } ] } } ] }, "vendor_name": "zopefoundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only." 
} ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36", "refsource": "CONFIRM", "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36" }, { "name": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91", "refsource": "MISC", "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91" }, { "name": "[oss-security] 20210521 Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "name": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/", "refsource": "MISC", "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/" } ] }, "source": { "advisory": "GHSA-5pr9-v234-jw36", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32633", "datePublished": "2021-05-21T13:55:10", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:30.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1950
Vulnerability from cvelistv5
Published
2011-06-06 19:00
Modified
2024-08-06 22:46
Summary
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/44775 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/48005 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/67695 | vdb-entry, x_refsource_XF | |
http://osvdb.org/72729 | vdb-entry, x_refsource_OSVDB | |
http://securityreason.com/securityalert/8269 | third-party-advisory, x_refsource_SREASON | |
http://plone.org/products/plone/security/advisories/CVE-2011-1950 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/518155/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44775", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44775" }, { "name": "48005", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48005" }, { "name": "plone-data-security-bypass(67695)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695" }, { "name": "72729", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/72729" }, { "name": "8269", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8269" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950" }, { "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "44775", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44775" }, { "name": "48005", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48005" }, { "name": "plone-data-security-bypass(67695)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695" }, { "name": "72729", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/72729" }, { "name": "8269", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8269" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950" }, { "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1950", "datePublished": "2011-06-06T19:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.933Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7060
Vulnerability from cvelistv5
Published
2014-05-02 14:00
Modified
2024-08-06 17:53
Summary
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/20131210/path-leak | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/12/12/3 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2013/12/10/15 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:45.857Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/20131210/path-leak" }, { "name": "[oss-security] 20131211 Re: CVE request for Plone", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "name": "[oss-security] 20131210 CVE request for Plone", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-05-02T11:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/20131210/path-leak" }, { "name": "[oss-security] 20131211 Re: CVE request for Plone", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "name": "[oss-security] 20131210 CVE request for Plone", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7060", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/20131210/path-leak", "refsource": "CONFIRM", "url": "https://plone.org/security/20131210/path-leak" }, { "name": "[oss-security] 20131211 Re: CVE request for Plone", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "name": "[oss-security] 20131210 CVE request for Plone", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7060", "datePublished": "2014-05-02T14:00:00", "dateReserved": "2013-12-11T00:00:00", "dateUpdated": "2024-08-06T17:53:45.857Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7137
Vulnerability from cvelistv5
Published
2017-03-07 16:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.
References
URL | Tags | |
---|---|---|
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2016/Oct/80 | mailing-list, x_refsource_FULLDISC | |
http://www.openwall.com/lists/oss-security/2016/09/05/4 | mailing-list, x_refsource_MLIST | |
https://plone.org/security/hotfix/20160830/open-redirection-in-plone | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2016/09/05/5 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/archive/1/539572/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/92752 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92752" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) 
%2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92752" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7137", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92752" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7137", "datePublished": 
"2017-03-07T16:00:00", "dateReserved": "2016-09-05T00:00:00", "dateUpdated": "2024-08-06T01:50:47.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4249
Vulnerability from cvelistv5
Published
2006-12-07 23:00
Modified
2024-08-07 19:06
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/21460 | vdb-entry, x_refsource_BID | |
http://plone.org/about/security/advisories/cve-2006-4249/ | x_refsource_CONFIRM | |
http://secunia.com/advisories/23240 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/30762 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2006/4878 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:07.233Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21460", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21460" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/about/security/advisories/cve-2006-4249/" }, { "name": "23240", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23240" }, { "name": "plone-group-spoofing(30762)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30762" }, { "name": "ADV-2006-4878", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4878" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to \"masquerade as a group.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "21460", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21460" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/about/security/advisories/cve-2006-4249/" }, { "name": "23240", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23240" }, { "name": "plone-group-spoofing(30762)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/30762" }, { "name": "ADV-2006-4878", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4878" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2006-4249", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to \"masquerade as a group.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21460", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21460" }, { "name": "http://plone.org/about/security/advisories/cve-2006-4249/", "refsource": "CONFIRM", "url": "http://plone.org/about/security/advisories/cve-2006-4249/" }, { "name": "23240", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23240" }, { "name": "plone-group-spoofing(30762)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30762" }, { "name": "ADV-2006-4878", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4878" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2006-4249", "datePublished": "2006-12-07T23:00:00", "dateReserved": "2006-08-21T00:00:00", "dateUpdated": "2024-08-07T19:06:07.233Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1948
Vulnerability from cvelistv5
Published
2011-06-06 19:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/44775 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/48005 | vdb-entry, x_refsource_BID | |
http://plone.org/products/plone/security/advisories/CVE-2011-1948 | x_refsource_CONFIRM | |
http://osvdb.org/72727 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/44776 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/8269 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/67693 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/518155/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44775", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44775" }, { "name": "48005", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48005" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948" }, { "name": "72727", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/72727" }, { "name": "44776", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44776" }, { "name": "8269", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8269" }, { "name": "plone-unspec-xss(67693)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67693" }, { "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "44775", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44775" }, { "name": "48005", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48005" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948" }, { "name": "72727", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/72727" }, { "name": "44776", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44776" }, { "name": "8269", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8269" }, { "name": "plone-unspec-xss(67693)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67693" }, { "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1948", "datePublished": "2011-06-06T19:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5502
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the safe_html.py HTML-filtering transform in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permission to edit content to bypass the filter and inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags | |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
https://plone.org/products/plone/security/advisories/20121106/18 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/18" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5502", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.312Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5486
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Severity ?
EPSS score ?
Summary
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers (HTTP response splitting) via a bare linefeed (LF) character in an attacker-controlled header value.
References
URL | Tags | |
---|---|---|
https://bugs.launchpad.net/zope2/+bug/930812 | x_refsource_CONFIRM | |
https://plone.org/products/plone/security/advisories/20121106/02 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-1194.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/zope2/+bug/930812" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/02" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-10-06T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/zope2/+bug/930812" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/02" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5486", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.236Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7941
Vulnerability from cvelistv5
Published
2020-01-23 20:38
Modified
2024-08-04 09:48
Severity ?
EPSS score ?
Summary
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
References
URL | Tags | |
---|---|---|
https://plone.org/security/hotfix/20200121 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2020/01/22/1 | x_refsource_MISC | |
https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2020/01/24/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:24.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T18:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7941", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20200121", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121" }, { "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "name": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7941", "datePublished": "2020-01-23T20:38:13", "dateReserved": "2020-01-23T00:00:00", "dateUpdated": "2024-08-04T09:48:24.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-35959
Vulnerability from cvelistv5
Published
2021-06-30 00:41
Modified
2024-08-04 00:47
Severity ?
EPSS score ?
Summary
In Plone 5.0 through 5.2.4, Editors are vulnerable to stored XSS in the folder contents view when a Contributor has created a folder whose description field contains a SCRIPT tag; a lower-privileged Contributor can thereby run script in the browser of a higher-privileged Editor.
References
URL | Tags | |
---|---|---|
https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/06/30/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:47:42.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents" }, { "name": "[oss-security] 20210630 Plone: stored XSS in folder contents", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/06/30/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-30T20:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents" }, { "name": "[oss-security] 20210630 Plone: stored XSS in folder contents", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/06/30/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-35959", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents 
view, if a Contributor has created a folder with a SCRIPT tag in the description field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents" }, { "name": "[oss-security] 20210630 Plone: stored XSS in folder contents", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/06/30/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-35959", "datePublished": "2021-06-30T00:41:54", "dateReserved": "2021-06-30T00:00:00", "dateUpdated": "2024-08-04T00:47:42.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3313
Vulnerability from cvelistv5
Published
2021-05-20 15:34
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/download/releases/5.2.3 | x_refsource_MISC | |
https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt | x_refsource_MISC | |
https://plone.org/security/hotfix/20210518 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/05/22/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/download/releases/5.2.3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user\u0027s input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim\u0027s browser if the victim opens a vulnerable page containing an XSS payload." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T17:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/download/releases/5.2.3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20210518" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user\u0027s input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim\u0027s browser if the victim opens a vulnerable page containing an XSS payload." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/download/releases/5.2.3", "refsource": "MISC", "url": "https://plone.org/download/releases/5.2.3" }, { "name": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt", "refsource": "MISC", "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt" }, { "name": "https://plone.org/security/hotfix/20210518", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20210518" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3313", "datePublished": "2021-05-20T15:34:13", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-08-03T16:53:17.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5485
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-1194.html | vendor-advisory, x_refsource_REDHAT | |
https://plone.org/products/plone/security/advisories/20121106/01 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-10-06T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/01" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5485", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33509
Vulnerability from cvelistv5
Published
2021-05-21 21:33
Modified
2024-08-03 23:50
Summary
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/05/22/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:50:43.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T17:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33509", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone through 5.2.4 allows remote 
authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33509", "datePublished": "2021-05-21T21:33:00", "dateReserved": "2021-05-21T00:00:00", "dateUpdated": "2024-08-03T23:50:43.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5497
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
https://plone.org/products/plone/security/advisories/20121106/13 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-1194.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/13" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-10-06T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/13" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5497", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4571
Vulnerability from cvelistv5
Published
2008-10-15 18:12
Modified
2024-08-07 10:24
Summary
Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror JavaScript event in an IMG tag.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/27098 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/28293 | third-party-advisory, x_refsource_SECUNIA | |
http://plone.org/products/plone/releases/3.0.4 | x_refsource_CONFIRM | |
http://dev.plone.org/plone/ticket/7439 | x_refsource_CONFIRM | |
http://osvdb.org/40660 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:24:19.347Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27098", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27098" }, { "name": "28293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28293" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/releases/3.0.4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.plone.org/plone/ticket/7439" }, { "name": "40660", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27098", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27098" }, { "name": "28293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28293" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/releases/3.0.4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.plone.org/plone/ticket/7439" }, { "name": "40660", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40660" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4571", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27098", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27098" }, { "name": "28293", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28293" }, { "name": "http://plone.org/products/plone/releases/3.0.4", "refsource": "CONFIRM", "url": "http://plone.org/products/plone/releases/3.0.4" }, { "name": "http://dev.plone.org/plone/ticket/7439", "refsource": "CONFIRM", "url": "http://dev.plone.org/plone/ticket/7439" }, { "name": "40660", "refsource": "OSVDB", "url": "http://osvdb.org/40660" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4571", "datePublished": "2008-10-15T18:12:00", "dateReserved": "2008-10-15T00:00:00", "dateUpdated": "2024-08-07T10:24:19.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-0662
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 04:40
Summary
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/34664 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/50061 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/34840 | third-party-advisory, x_refsource_SECUNIA | |
http://plone.org/products/plone/security/advisories/cve-2009-0662 | x_refsource_CONFIRM | |
http://osvdb.org/53975 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:05.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "34664", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34664" }, { "name": "plone-unspecified-session-hijacking(50061)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50061" }, { "name": "34840", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34840" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/cve-2009-0662" }, { "name": "53975", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53975" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "34664", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34664" }, { "name": "plone-unspecified-session-hijacking(50061)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50061" }, { "name": "34840", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34840" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/cve-2009-0662" }, { "name": "53975", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53975" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0662", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "34664", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34664" }, { "name": "plone-unspecified-session-hijacking(50061)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50061" }, { "name": "34840", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34840" }, { "name": "http://plone.org/products/plone/security/advisories/cve-2009-0662", "refsource": "CONFIRM", "url": "http://plone.org/products/plone/security/advisories/cve-2009-0662" }, { "name": "53975", "refsource": "OSVDB", "url": "http://osvdb.org/53975" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0662", "datePublished": "2009-04-23T17:00:00", "dateReserved": "2009-02-22T00:00:00", "dateUpdated": "2024-08-07T04:40:05.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-35190
Vulnerability from cvelistv5
Published
2020-12-17 01:30
Modified
2024-08-04 17:02
Summary
The official plone Docker images before version 4.3.18-alpine (Alpine-specific) contain a blank password for the root user. Systems using the plone Docker container deployed from affected versions of the Docker image may allow a remote attacker to obtain root access with a blank password.
References
▼ | URL | Tags |
---|---|---|
https://github.com/koharin/koharin2/blob/main/CVE-2020-35190 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:02:06.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-17T01:30:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35190", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35190", "refsource": "MISC", "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35190" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35190", "datePublished": "2020-12-17T01:30:19", "dateReserved": "2020-12-12T00:00:00", "dateUpdated": "2024-08-04T17:02:06.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33511
Vulnerability from cvelistv5
Published
2021-05-21 21:32
Modified
2024-08-03 23:50
Summary
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/05/22/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:50:42.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T17:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33511", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone though 5.2.4 allows SSRF via the lxml 
parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33511", "datePublished": "2021-05-21T21:32:24", "dateReserved": "2021-05-21T00:00:00", "dateUpdated": "2024-08-03T23:50:42.968Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5489
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/05 | x_refsource_CONFIRM | |
https://bugs.launchpad.net/zope2/+bug/1079238 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/05" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/zope2/+bug/1079238" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/05" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/zope2/+bug/1079238" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5489", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.309Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7138
Vulnerability from cvelistv5
Published
2017-03-07 16:00
Modified
2024-08-06 01:50
Summary
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html | x_refsource_MISC | |
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2016/Oct/80 | mailing-list, x_refsource_FULLDISC | |
http://www.openwall.com/lists/oss-security/2016/09/05/4 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2016/09/05/5 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/archive/1/539572/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/92752 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.463Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92752" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92752" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7138", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 
allows remote attackers to inject arbitrary web script or HTML via a crafted URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92752" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7138", "datePublished": "2017-03-07T16:00:00", "dateReserved": "2016-09-05T00:00:00", "dateUpdated": "2024-08-06T01:50:47.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29002
Vulnerability from cvelistv5
Published
2021-03-24 14:22
Modified
2024-08-03 21:55
Summary
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/49668 | x_refsource_MISC | |
https://github.com/plone/Products.CMFPlone/issues/3255 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:55:12.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/49668" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3255" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the \"form.widgets.site_title\" parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-24T10:56:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.exploit-db.com/exploits/49668" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3255" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-29002", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the \"form.widgets.site_title\" parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.exploit-db.com/exploits/49668", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/49668" }, { "name": "https://github.com/plone/Products.CMFPlone/issues/3255", "refsource": "MISC", "url": "https://github.com/plone/Products.CMFPlone/issues/3255" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-29002", "datePublished": "2021-03-24T14:22:30", "dateReserved": "2021-03-22T00:00:00", "dateUpdated": "2024-08-03T21:55:12.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7147
Vulnerability from cvelistv5
Published
2017-02-04 05:20
Modified
2024-08-06 01:50
Summary
Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140.
References
▼ | URL | Tags |
---|---|---|
https://www.curesec.com/blog/article/blog/Plone-XSS-186.html | x_refsource_MISC | |
https://plone.org/security/hotfix/20170117 | x_refsource_MISC | |
https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2 | x_refsource_MISC | |
http://www.securityfocus.com/bid/96117 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20170117" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2" }, { "name": "96117", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96117" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-09T10:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20170117" }, { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2" }, { "name": "96117", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96117" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7147", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html", "refsource": "MISC", "url": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html" }, { "name": "https://plone.org/security/hotfix/20170117", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20170117" }, { "name": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2" }, { "name": "96117", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96117" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7147", "datePublished": "2017-02-04T05:20:00", "dateReserved": "2016-09-05T00:00:00", "dateUpdated": "2024-08-06T01:50:47.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4198
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=978480 | x_refsource_CONFIRM | |
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978480" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978480" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4198", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23599
Vulnerability from cvelistv5
Published
2022-01-28 22:00
Modified
2024-08-03 03:43
Summary
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and mitigation measures is available in the GitHub Security Advisory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:43:46.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/plone/Products.ATContentTypes/commit/fc793f88f35a15a68b52e4abed77af0da5fdbab8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user\u0027s cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and cvmitigation measures is available in the GitHub Security Advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-28T22:00:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/plone/Products.ATContentTypes/commit/fc793f88f35a15a68b52e4abed77af0da5fdbab8" } ], "source": { "advisory": "GHSA-g4c2-ghfg-g5rh", "discovery": "UNKNOWN" }, "title": "Cross-site Scripting and Open Redirect in Products.ATContentTypes", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23599", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting and Open Redirect in Products.ATContentTypes" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. 
The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user\u0027s cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and cvmitigation measures is available in the GitHub Security Advisory." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh", "refsource": "CONFIRM", "url": "https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh" }, { "name": "https://github.com/plone/Products.ATContentTypes/commit/fc793f88f35a15a68b52e4abed77af0da5fdbab8", "refsource": "MISC", "url": "https://github.com/plone/Products.ATContentTypes/commit/fc793f88f35a15a68b52e4abed77af0da5fdbab8" } ] }, "source": { "advisory": "GHSA-g4c2-ghfg-g5rh", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23599", "datePublished": "2022-01-28T22:00:15", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:43:46.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7136
Vulnerability from cvelistv5
Published
2017-03-07 16:00
Modified
2024-08-06 01:50
Summary
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2016/Oct/80 | mailing-list, x_refsource_FULLDISC | |
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2016/09/05/4 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2016/09/05/5 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/archive/1/539572/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/92752 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92752" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92752" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7136", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted 
GET request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92752" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7136", "datePublished": "2017-03-07T16:00:00", "dateReserved": "2016-09-05T00:00:00", "dateUpdated": "2024-08-06T01:50:47.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5503
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/products/plone/security/advisories/20121106/19 | x_refsource_CONFIRM | |
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/19" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/19" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5503", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4030
Vulnerability from cvelistv5
Published
2011-10-10 10:00
Modified
2024-08-06 23:53
Summary
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
References
▼ | URL | Tags |
---|---|---|
http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 | x_refsource_CONFIRM | |
http://secunia.com/advisories/46323 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/50287 | vdb-entry, x_refsource_BID | |
http://plone.org/products/plone-hotfix/releases/20110928 | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:53:32.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" }, { "name": "46323", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46323" }, { "name": "50287", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-10-19T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" }, { "name": "46323", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46323" }, { "name": "50287", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4030", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0", "refsource": "CONFIRM", "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" }, { "name": "46323", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46323" }, { "name": "50287", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50287" }, { "name": "http://plone.org/products/plone-hotfix/releases/20110928", "refsource": "CONFIRM", "url": "http://plone.org/products/plone-hotfix/releases/20110928" }, { "name": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip", "refsource": "CONFIRM", "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4030", "datePublished": "2011-10-10T10:00:00", "dateReserved": "2011-10-09T00:00:00", "dateUpdated": "2024-08-06T23:53:32.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7139
Vulnerability from cvelistv5
Published
2017-03-07 16:00
Modified
2024-08-06 01:50
Summary
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone | x_refsource_CONFIRM | |
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2016/Oct/80 | mailing-list, x_refsource_FULLDISC | |
http://www.openwall.com/lists/oss-security/2016/09/05/4 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2016/09/05/5 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/archive/1/539572/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/92752 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92752" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92752" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7139", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows 
remote attackers to inject arbitrary web script or HTML via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone" }, { "name": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92752" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7139", "datePublished": "2017-03-07T16:00:00", "dateReserved": "2016-09-05T00:00:00", "dateUpdated": "2024-08-06T01:50:47.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33508
Vulnerability from cvelistv5
Published
2021-05-21 21:33
Modified
2024-08-03 23:50
Summary
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/05/22/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:50:42.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T17:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33508", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33508", "datePublished": "2021-05-21T21:33:12", "dateReserved": "2021-05-21T00:00:00", "dateUpdated": "2024-08-03T23:50:42.952Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5495
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/11 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/11" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to \"go_back.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/11" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5495", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1000481
Vulnerability from cvelistv5
Published
2018-01-03 18:00
Modified
2024-09-17 01:35
Summary
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20171128/open-redirection-on-login-form | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:00:41.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2017-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a \u0027came_from\u0027 parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-03T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-12-29", "ID": "CVE-2017-1000481", "REQUESTER": "security@plone.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a \u0027came_from\u0027 parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000481", "datePublished": "2018-01-03T18:00:00Z", "dateReserved": "2018-01-03T00:00:00Z", "dateUpdated": "2024-09-17T01:35:36.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7135
Vulnerability from cvelistv5
Published
2017-03-07 16:00
Modified
2024-08-06 01:50
Summary
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2016/Oct/80 | mailing-list, x_refsource_FULLDISC | |
https://plone.org/security/hotfix/20160830/filesystem-information-leak | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2016/09/05/4 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2016/09/05/5 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/archive/1/539572/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/92752 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/hotfix/20160830/filesystem-information-leak" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92752" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/hotfix/20160830/filesystem-information-leak" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92752" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7135", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. 
(dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "name": "20161019 Multiple Vulnerabilities in Plone CMS", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "name": "https://plone.org/security/hotfix/20160830/filesystem-information-leak", "refsource": "CONFIRM", "url": "https://plone.org/security/hotfix/20160830/filesystem-information-leak" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "name": "20161012 Multiple Vulnerabilities in Plone CMS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "name": "92752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92752" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7135", "datePublished": "2017-03-07T16:00:00", "dateReserved": "2016-09-05T00:00:00", "dateUpdated": "2024-08-06T01:50:47.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3587
Vulnerability from cvelistv5
Published
2011-10-10 10:00
Modified
2024-08-06 23:37
Summary
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=742297 | x_refsource_CONFIRM | |
http://secunia.com/advisories/46221 | third-party-advisory, x_refsource_SECUNIA | |
http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 | x_refsource_CONFIRM | |
http://secunia.com/advisories/46323 | third-party-advisory, x_refsource_SECUNIA | |
http://plone.org/products/plone/security/advisories/20110928 | x_refsource_CONFIRM | |
http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587 | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20110928 | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:37:48.380Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742297" }, { "name": "46221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46221" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" }, { "name": "46323", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46323" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20110928" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-10-19T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742297" }, { "name": "46221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46221" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" }, { "name": "46323", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46323" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20110928" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3587", "datePublished": "2011-10-10T10:00:00", "dateReserved": "2011-09-21T00:00:00", "dateUpdated": "2024-08-06T23:37:48.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7938
Vulnerability from cvelistv5
Published
2020-01-23 20:38
Modified
2024-08-04 09:48
Summary
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20200121 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2020/01/22/1 | x_refsource_MISC | |
https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2020/01/24/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:24.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T18:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7938", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20200121", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121" }, { "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "name": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed" }, { "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7938", "datePublished": "2020-01-23T20:38:42", "dateReserved": "2020-01-23T00:00:00", "dateUpdated": "2024-08-04T09:48:24.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5498
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/14 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/09/7 | mailing-list, x_refsource_MLIST | |
http://rhn.redhat.com/errata/RHSA-2014-1194.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.275Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/14" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/09/7" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-10-06T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/14" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/09/7" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5498", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.275Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7062
Vulnerability from cvelistv5
Published
2020-01-02 18:18
Modified
2024-08-06 17:53
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/20131210/zope-xss-in-OFS | x_refsource_CONFIRM | |
https://plone.org/security/20131210/zope-xss-in-browseridmanager | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q4/467 | x_refsource_MISC | |
http://seclists.org/oss-sec/2013/q4/485 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/89623 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/89627 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:45.857Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/20131210/zope-xss-in-OFS" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q4/467" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q4/485" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-02T18:18:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/20131210/zope-xss-in-OFS" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/oss-sec/2013/q4/467" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/oss-sec/2013/q4/485" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7062", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/20131210/zope-xss-in-OFS", "refsource": "CONFIRM", "url": "https://plone.org/security/20131210/zope-xss-in-OFS" }, { "name": "https://plone.org/security/20131210/zope-xss-in-browseridmanager", "refsource": "CONFIRM", "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager" }, { "name": "http://seclists.org/oss-sec/2013/q4/467", "refsource": "MISC", "url": "http://seclists.org/oss-sec/2013/q4/467" }, { "name": "http://seclists.org/oss-sec/2013/q4/485", "refsource": "MISC", "url": "http://seclists.org/oss-sec/2013/q4/485" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7062", "datePublished": "2020-01-02T18:18:18", "dateReserved": "2013-12-11T00:00:00", "dateUpdated": "2024-08-06T17:53:45.857Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5492
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/08 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/08" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/08" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5492", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-21336
Vulnerability from cvelistv5
Published
2021-03-08 20:40
Modified
2024-08-03 18:09
Summary
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install "Products.PluggableAuthService>=2.6.0"`.
References
▼ | URL | Tags |
---|---|---|
https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p75f-g7gx-2r7p | x_refsource_CONFIRM | |
https://pypi.org/project/Products.PluggableAuthService/ | x_refsource_MISC | |
https://github.com/zopefoundation/Products.PluggableAuthService/commit/2dad81128250cb2e5d950cddc9d3c0314a80b4bb | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/05/21/1 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2021/05/22/1 | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
zopefoundation | Products.PluggableAuthService |
Version: < 2.6.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:09:15.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p75f-g7gx-2r7p" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://pypi.org/project/Products.PluggableAuthService/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/zopefoundation/Products.PluggableAuthService/commit/2dad81128250cb2e5d950cddc9d3c0314a80b4bb" }, { "name": "[oss-security] 20210521 Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Products.PluggableAuthService", "vendor": "zopefoundation", "versions": [ { "status": "affected", "version": "\u003c 2.6.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install \"Products.PluggableAuthService\u003e=2.6.0\"`." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T17:06:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p75f-g7gx-2r7p" }, { "tags": [ "x_refsource_MISC" ], "url": "https://pypi.org/project/Products.PluggableAuthService/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zopefoundation/Products.PluggableAuthService/commit/2dad81128250cb2e5d950cddc9d3c0314a80b4bb" }, { "name": "[oss-security] 20210521 Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "source": { "advisory": "GHSA-p75f-g7gx-2r7p", "discovery": "UNKNOWN" }, "title": "Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21336", "STATE": "PUBLIC", "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { 
"product_name": "Products.PluggableAuthService", "version": { "version_data": [ { "version_value": "\u003c 2.6.0" } ] } } ] }, "vendor_name": "zopefoundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install \"Products.PluggableAuthService\u003e=2.6.0\"`." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200 Information Exposure" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p75f-g7gx-2r7p", "refsource": "CONFIRM", "url": "https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p75f-g7gx-2r7p" }, { "name": "https://pypi.org/project/Products.PluggableAuthService/", "refsource": "MISC", "url": "https://pypi.org/project/Products.PluggableAuthService/" }, { "name": "https://github.com/zopefoundation/Products.PluggableAuthService/commit/2dad81128250cb2e5d950cddc9d3c0314a80b4bb", "refsource": "MISC", "url": 
"https://github.com/zopefoundation/Products.PluggableAuthService/commit/2dad81128250cb2e5d950cddc9d3c0314a80b4bb" }, { "name": "[oss-security] 20210521 Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ] }, "source": { "advisory": "GHSA-p75f-g7gx-2r7p", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21336", "datePublished": "2021-03-08T20:40:17", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:15.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5499
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/15 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-1194.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/15" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-10-06T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/15" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "name": "RHSA-2014:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5499", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5504
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM | |
https://plone.org/products/plone/security/advisories/20121106/20 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/20" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5504", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4247
Vulnerability from cvelistv5
Published
2006-09-29 19:00
Modified
2024-09-16 17:48
Summary
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."
References
▼ | URL | Tags |
---|---|---|
http://plone.org/about/security/advisories/cve-2006-4247 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:07.022Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/about/security/advisories/cve-2006-4247" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to \"an erroneous security declaration.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-09-29T19:00:00Z", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/about/security/advisories/cve-2006-4247" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2006-4247", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to \"an erroneous security declaration.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://plone.org/about/security/advisories/cve-2006-4247", "refsource": "CONFIRM", 
"url": "http://plone.org/about/security/advisories/cve-2006-4247" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2006-4247", "datePublished": "2006-09-29T19:00:00Z", "dateReserved": "2006-08-21T00:00:00Z", "dateUpdated": "2024-09-16T17:48:12.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5501
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/17 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/17" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/17" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5501", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.311Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33507
Vulnerability from cvelistv5
Published
2021-05-21 21:33
Modified
2024-08-03 23:50
Summary
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/05/22/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:50:42.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T17:06:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33507", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone 
through 5.2.4 and other products, allow Reflected XSS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33507", "datePublished": "2021-05-21T21:33:31", "dateReserved": "2021-05-21T00:00:00", "dateUpdated": "2024-08-03T23:50:42.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33512
Vulnerability from cvelistv5
Published
2021-05-21 21:32
Modified
2024-08-03 23:50
Summary
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
References
▼ | URL | Tags |
---|---|---|
https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2021/05/22/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:50:43.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-22T17:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33512", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html", "refsource": "MISC", "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html" }, { "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33512", "datePublished": "2021-05-21T21:32:10", "dateReserved": "2021-05-21T00:00:00", "dateUpdated": "2024-08-03T23:50:43.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5508
Vulnerability from cvelistv5
Published
2014-11-03 22:00
Modified
2024-08-06 21:05
Summary
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
https://bugs.launchpad.net/zope2/+bug/1071067 | x_refsource_CONFIRM | |
https://plone.org/products/plone/security/advisories/20121106/24 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121124 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/24" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-03T21:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/24" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5508", "datePublished": "2014-11-03T22:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1949
Vulnerability from cvelistv5
Published
2011-06-06 19:00
Modified
2024-08-06 22:46
Summary
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/72728 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/44775 | third-party-advisory, x_refsource_SECUNIA | |
http://plone.org/products/plone/security/advisories/CVE-2011-1949 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/48005 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/44776 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/8269 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/67694 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/518155/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "72728", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/72728" }, { "name": "44775", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44775" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949" }, { "name": "48005", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48005" }, { "name": "44776", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44776" }, { "name": "8269", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8269" }, { "name": "plone-portalportal-xss(67694)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694" }, { "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "72728", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/72728" }, { "name": "44775", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44775" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949" }, { "name": "48005", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48005" }, { "name": "44776", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44776" }, { "name": "8269", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8269" }, { "name": "plone-portalportal-xss(67694)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694" }, { "name": "20110526 [CVE-REQUEST] Plone XSS and permission errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1949", "datePublished": "2011-06-06T19:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4189
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=978450 | x_refsource_CONFIRM | |
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978450" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978450" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4189", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5493
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Summary
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/1 | mailing-list, x_refsource_MLIST | |
https://plone.org/products/plone/security/advisories/20121106/09 | x_refsource_CONFIRM | |
https://plone.org/products/plone-hotfix/releases/20121106 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.243Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone/security/advisories/20121106/09" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone/security/advisories/20121106/09" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5493", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4192
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:38
Summary
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://plone.org/products/plone/security/advisories/20130618-announcement | x_refsource_CONFIRM | |
http://plone.org/products/plone-hotfix/releases/20130618 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q3/261 | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=978464 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:02.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978464" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-11T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978464" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4192", "datePublished": "2014-03-11T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:02.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0720
Vulnerability from cvelistv5
Published
2011-02-03 16:00
Modified
2024-08-06 22:05
Summary
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/70753 | vdb-entry, x_refsource_OSVDB | |
http://plone.org/products/plone/security/advisories/cve-2011-0720 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/46102 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/43146 | third-party-advisory, x_refsource_SECUNIA | |
http://www.redhat.com/support/errata/RHSA-2011-0393.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/65099 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2011/0796 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/43914 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1025258 | vdb-entry, x_refsource_SECTRACK | |
http://www.redhat.com/support/errata/RHSA-2011-0394.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:53.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "70753", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70753" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plone.org/products/plone/security/advisories/cve-2011-0720" }, { "name": "46102", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46102" }, { "name": "43146", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43146" }, { "name": "RHSA-2011:0393", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0393.html" }, { "name": "plone-unspec-priv-escalation(65099)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65099" }, { "name": "ADV-2011-0796", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0796" }, { "name": "43914", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43914" }, { "name": "1025258", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025258" }, { "name": "RHSA-2011:0394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0394.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other 
products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "70753", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70753" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plone.org/products/plone/security/advisories/cve-2011-0720" }, { "name": "46102", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46102" }, { "name": "43146", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43146" }, { "name": "RHSA-2011:0393", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0393.html" }, { "name": "plone-unspec-priv-escalation(65099)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65099" }, { "name": "ADV-2011-0796", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0796" }, { "name": "43914", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43914" }, { "name": "1025258", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025258" }, { "name": "RHSA-2011:0394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0394.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0720", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, 
"vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "70753", "refsource": "OSVDB", "url": "http://osvdb.org/70753" }, { "name": "http://plone.org/products/plone/security/advisories/cve-2011-0720", "refsource": "CONFIRM", "url": "http://plone.org/products/plone/security/advisories/cve-2011-0720" }, { "name": "46102", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46102" }, { "name": "43146", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43146" }, { "name": "RHSA-2011:0393", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0393.html" }, { "name": "plone-unspec-priv-escalation(65099)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65099" }, { "name": "ADV-2011-0796", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0796" }, { "name": "43914", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43914" }, { "name": "1025258", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025258" }, { "name": "RHSA-2011:0394", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0394.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0720", "datePublished": "2011-02-03T16:00:00", "dateReserved": "2011-01-31T00:00:00", "dateUpdated": "2024-08-06T22:05:53.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": 
"5.1" }
Vulnerability from fkie_nvd
Published
2017-09-25 17:29
Modified
2025-04-20 01:37
Summary
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of the site administrator.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 3.3.6 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.8 | |
plone | plone | 4.0.9 | |
plone | plone | 4.0.10 | |
plone | plone | 4.1 | |
plone | plone | 4.1.1 | |
plone | plone | 4.1.2 | |
plone | plone | 4.1.3 | |
plone | plone | 4.1.4 | |
plone | plone | 4.1.5 | |
plone | plone | 4.1.6 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 | |
plone | plone | 4.3.3 | |
plone | plone | 4.3.4 | |
plone | plone | 4.3.5 | |
plone | plone | 4.3.6 | |
plone | plone | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without 
acknowledgment of site administrator." }, { "lang": "es", "value": "Plone desde la versi\u00f3n 3.3.0 hasta la 3.3.6, desde la 4.0.0 hasta la 4.0.10, desde la 4.1.0 hasta la 4.1.6, desde la 4.2.0 hasta la 4.2.7, desde la 4.3.0 hasta la 4.3.6 y la 5.0rc1 permite que los atacantes remotos a\u00f1adan un nuevo miembro a un sitio Plone con el registro activado, sin el conocimiento del administrador del sitio." } ], "id": "CVE-2015-7315", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-25T17:29:00.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party 
Advisory" ], "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-03 18:29
Modified
2024-11-21 03:04
Summary
When you visit a page where you need to log in, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous URL. After you log in, you get redirected to the page you tried to view before. An attacker might try to abuse this by getting you to click on a specially crafted link. You would log in and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some JavaScript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "6CBF50C9-1710-48F6-ADD7-E23C10385726", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "6D8DAC05-E1F0-4791-9B98-2AC0A370E885", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "191E3004-2D6C-4F15-99C5-6E9B78606712", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "41CCC319-0F03-4DD4-8D99-32402A1E2B98", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B31894A8-1122-4212-8521-2E741321B6A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "862A10FA-5E6F-4AEB-89E9-279DEDE9F596", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*", "matchCriteriaId": "39E8A13F-B8F8-490D-AB5D-E8FF5EA0490B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*", "matchCriteriaId": "DD34F775-A365-4B65-8F60-F09EDD57B2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b2:*:*:*:*:*:*", "matchCriteriaId": "EDBCFF87-68FE-4A1B-90AE-DB0ABC814A1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b3:*:*:*:*:*:*", "matchCriteriaId": "811AB79A-14F9-46A1-BF30-8BFA65E555F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b4:*:*:*:*:*:*", "matchCriteriaId": "F592B13B-6AC0-4E0F-9860-E7A9EC994EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "3ADCF80F-A850-4050-8540-99D9B514D6ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a \u0027came_from\u0027 parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. 
You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix." }, { "lang": "es", "value": "Cuando visitas una p\u00e1gina en la que necesitas iniciar sesi\u00f3n, Plone 2.5-5.1rc1 te env\u00eda al formulario de inicio de sesi\u00f3n con un par\u00e1metro \"came_from\" establecido para la url anterior. Tras iniciar sesi\u00f3n, se te redirige a la p\u00e1gina que intentabas ver antes. Un atacante podr\u00eda intentar provecharse de esto dejando que hagas clic en un enlace especialmente manipulado. Al iniciar sesi\u00f3n, se te redirigir\u00eda al sitio del atacante, dejando que creas que sigues en el sitio de Plone original. O se podr\u00eda ejecutar tambi\u00e9n JavaScript del atacante. La mayor\u00eda de estos ataques ya est\u00e1n bloqueados por Plone, empleando la comprobaci\u00f3n \"isURLInPortal\" para asegurarse de que solo redirigimos a una p\u00e1gina en el mismo sitio de Plone. Sin embargo, se han descubierto m\u00e1s formas de enga\u00f1ar a Plone para que acepte un enlace malicioso, que se han solucionado con este hotfix." 
} ], "id": "CVE-2017-1000481", "lastModified": "2024-11-21T03:04:49.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-03T18:29:00.400", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject." }, { "lang": "es", "value": "python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos ejecutar c\u00f3digo Python a trav\u00e9s de una URL manipulada, relacionado con createObject." } ], "id": "CVE-2012-5488", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:05.953", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/products/plone/security/advisories/20121106/04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/04" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-18 13:15
Modified
2024-11-21 08:47
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Summary
A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5833440-BAF5-4503-AAAF-F5A5BDA8CFBB", "versionEndExcluding": "6.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element." }, { "lang": "es", "value": "Se ha encontrado una vulnerabilidad de Cross-Frame Scripting en Plone CMS que afecta a la versi\u00f3n inferior a 6.0.5. Un atacante podr\u00eda almacenar una URL maliciosa para que la abra un administrador y ejecutar un elemento iframe malicioso." } ], "id": "CVE-2024-0669", "lastModified": "2024-11-21T08:47:06.537", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cve-coordination@incibe.es", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-18T13:15:09.177", "references": [ { "source": "cve-coordination@incibe.es", "tags": [ "Third Party Advisory" ], "url": 
"https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms" } ], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1021" } ], "source": "cve-coordination@incibe.es", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-15 20:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror JavaScript event in an IMG tag.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "C047BD17-7523-4751-9331-EED767783308", "versionEndIncluding": "3.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*", "matchCriteriaId": "C01E0884-D0A4-4511-AD4B-DBB09CB8080E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "C577B46C-7692-4B6F-B487-A28F73D403F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo LiveSearch de Plone antes de 3.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante el campo Description para resultados de b\u00fasqueda, como se demostr\u00f3 utilizando el evento Javascript onerror en una etiqueta IMG." } ], "id": "CVE-2008-4571", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-10-15T20:00:03.783", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://dev.plone.org/plone/ticket/7439" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/40660" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://plone.org/products/plone/releases/3.0.4" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28293" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://dev.plone.org/plone/ticket/7439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone/releases/3.0.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27098" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-30 01:15
Modified
2024-11-21 06:12
Severity ?
Summary
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/06/30/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/06/30/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "49BC6F68-1C5B-4EE6-AF9C-5C28E86CC669", "versionEndIncluding": "5.2.4", "versionStartIncluding": "5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field." }, { "lang": "es", "value": "En Plone versiones 5.0 hasta 5.2.4, unos editores son vulnerables a un ataque de tipo XSS en la vista de contenido de carpetas, si un colaborador ha creado una carpeta con una etiqueta SCRIPT en el campo description" } ], "id": "CVE-2021-35959", "lastModified": "2024-11-21T06:12:50.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-30T01:15:07.070", "references": [ { "source": "cve@mitre.org", "tags": [ 
"Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/06/30/2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/06/30/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-28 22:15
Modified
2024-11-21 06:48
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that depend on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross-site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page into a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and mitigation measures is available in the GitHub Security Advisory.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "085289BA-3499-4F4E-98F8-B92B89C5D7DF", "versionEndExcluding": "3.0.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user\u0027s cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and cvmitigation measures is available in the GitHub Security Advisory." }, { "lang": "es", "value": "Products.ATContentTypes son los tipos de contenido principales para Plone versiones 2.1 - 4.3. Las versiones de Plone que dependen de Products.ATContentTypes anteriores a 3.0.6, son vulnerables a un ataque de tipo cross site scripting reflejado y a un redireccionamiento abierto cuando un atacante puede conseguir una versi\u00f3n comprometida de la p\u00e1gina image_view_fullscreen en una cach\u00e9, por ejemplo en Varnish. La t\u00e9cnica es conocida como envenenamiento de la cach\u00e9. Cualquier visitante posterior puede ser redirigido cuando haga clic en un enlace de esta p\u00e1gina. Normalmente s\u00f3lo est\u00e1n afectados los usuarios an\u00f3nimos, pero esto depende de la configuraci\u00f3n de la cach\u00e9 del usuario. 
Ha sido publicada la versi\u00f3n 3.0.6 de Products.ATContentTypes con una correcci\u00f3n. Esta versi\u00f3n funciona s\u00f3lo en Plone versi\u00f3n 5.2, Python 2. Como soluci\u00f3n, aseg\u00farese de que la p\u00e1gina image_view_fullscreen no es almacenada en la cach\u00e9. M\u00e1s informaci\u00f3n sobre la vulnerabilidad y medidas de mitigaci\u00f3n est\u00e1n disponibles en el GitHub Security Advisory" } ], "id": "CVE-2022-23599", "lastModified": "2024-11-21T06:48:54.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-28T22:15:17.023", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/plone/Products.ATContentTypes/commit/fc793f88f35a15a68b52e4abed77af0da5fdbab8" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/plone/Products.ATContentTypes/commit/fc793f88f35a15a68b52e4abed77af0da5fdbab8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" }, { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-08-05 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | * | |
plone | plone | 1.0 | |
plone | plone | 1.0.1 | |
plone | plone | 1.0.2 | |
plone | plone | 1.0.3 | |
plone | plone | 1.0.4 | |
plone | plone | 1.0.5 | |
plone | plone | 1.0.6 | |
plone | plone | 2.0 | |
plone | plone | 2.0.1 | |
plone | plone | 2.0.2 | |
plone | plone | 2.0.3 | |
plone | plone | 2.0.4 | |
plone | plone | 2.0.5 | |
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "35E2F95D-CF10-4C7E-8601-2B2107F87AEA", "versionEndIncluding": "2.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en skins/plone_templates/default_error_message.pt de Plone en versiones anteriores a la 2.5.3. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro type_name de Members/ipa/createObject." 
} ], "id": "CVE-2011-1340", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-08-05T21:55:01.390", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Patch" ], "url": "http://dev.plone.org/plone/changeset/12262" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit" ], "url": "http://dev.plone.org/plone/ticket/6110" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN41222793/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://dev.plone.org/plone/changeset/12262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://dev.plone.org/plone/ticket/6110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN41222793/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-25 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
Plone 3.3.0 through 3.3.6 allows remote, unauthenticated attackers to inject arbitrary headers into HTTP responses (HTTP header injection; NVD classifies it as CWE-20 and rates it AV:N/AC:L/PR:N). The vendor's 20150910 hotfix, referenced below, addresses it.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/09/22/16 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1264796 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20150910 | Patch, Vendor Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20150910/header-injection | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/09/22/16 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1264796 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20150910 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20150910/header-injection | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses." }, { "lang": "es", "value": "Plone desde la versi\u00f3n 3.3.0 hasta la versi\u00f3n 3.3.6 permite que los atacantes remotos inyecten cabeceras en respuestas HTTP." 
} ], "id": "CVE-2015-7318", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-25T17:29:00.680", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/16" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264796" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910/header-injection" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", 
"Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910/header-injection" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-24 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. Exploitation therefore requires an account that already holds template create/edit rights (NVD scores it CVSS v3 PR:H); the vendor's 20160419 "bypass-restricted-python" hotfix, referenced below, addresses it.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/20/3 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20160419/bypass-restricted-python | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/20/3 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20160419/bypass-restricted-python | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "A98F25E9-C852-458A-B6B9-656B81CC0D33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates." }, { "lang": "es", "value": "Chameleon (five.pt) en Plone 5.0rc1 hasta la versi\u00f3n 5.1a1 permite a usuarios remotos autenticados eludir Restricted Python aprovechando permisos para crear y editar plantillas." 
} ], "id": "CVE-2016-4043", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-24T20:59:00.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. The vendor's 20130618 hotfix (tagged Patch in the record below) addresses all three.
References (not rendered for this entry; see the references array in the record below)
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de redirecci\u00f3n abierta en (1) marmoset_patch.py, (2) publish.py y (3) principiaredirect.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-4195", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-11T19:37:02.817", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-24 15:15
Modified
2024-11-21 06:00
Severity ?
Summary
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter (the site-title field). Injecting into this field requires an authenticated user with access to the Site control panel (NVD scores it PR:L, UI:R, scope changed); a public exploit is referenced below.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/plone/Products.CMFPlone/issues/3255 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/49668 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/plone/Products.CMFPlone/issues/3255 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/49668 | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C8ECC7FD-E3FF-47F8-8932-55AD502B1B82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the \"form.widgets.site_title\" parameter." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en Plone CMS versi\u00f3n 5.2.3 en el site-controlpanel por medio del par\u00e1metro \"form.widgets.site_title\"" } ], "id": "CVE-2021-29002", "lastModified": "2024-11-21T06:00:30.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-24T15:15:12.737", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": 
"https://github.com/plone/Products.CMFPlone/issues/3255" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/49668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/49668" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-08 21:15
Modified
2024-11-21 08:58
Severity ?
Summary
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them. Note that this describes the configuration of the official Docker image rather than a code defect (NVD assigns no CWE), the only reference is a third-party proof-of-concept repository with no vendor advisory listed, and the CPE match on plone:plone 5.2.13 will also flag non-Docker installations — confirm exposure against the actual deployment before treating it as affected.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:5.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "BAB57250-2183-41C5-9EC2-6D32A991516D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them." }, { "lang": "es", "value": "Los m\u00e9todos HTTP PUT y DELETE est\u00e1n habilitados en la versi\u00f3n 5.2.13 (5221) oficial de Docker de Plone, lo que permite a atacantes no autenticados ejecutar acciones peligrosas como cargar archivos al servidor o eliminarlos." } ], "id": "CVE-2024-23756", "lastModified": "2024-11-21T08:58:19.840", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-08T21:15:08.380", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-24 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. The vendor's 20160419 "unauthorized-disclosure-of-site-content" hotfix, referenced below, addresses it.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/20/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/20/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 3.3.6 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.8 | |
plone | plone | 4.0.9 | |
plone | plone | 4.0.10 | |
plone | plone | 4.1 | |
plone | plone | 4.1.1 | |
plone | plone | 4.1.2 | |
plone | plone | 4.1.3 | |
plone | plone | 4.1.4 | |
plone | plone | 4.1.5 | |
plone | plone | 4.1.6 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 | |
plone | plone | 4.3.3 | |
plone | plone | 4.3.4 | |
plone | plone | 4.3.5 | |
plone | plone | 4.3.6 | |
plone | plone | 4.3.7 | |
plone | plone | 4.3.8 | |
plone | plone | 4.3.9 | |
plone | plone | 5.0 | |
plone | plone | 5.0 a1 | |
plone | plone | 5.0 rc1 | |
plone | plone | 5.0 rc2 | |
plone | plone | 5.0 rc3 | |
plone | plone | 5.0.1 | |
plone | plone | 5.0.2 | |
plone | plone | 5.0.3 | |
plone | plone | 5.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*", "matchCriteriaId": "E3642637-8B6D-40A0-9A60-EACE70BB0490", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors." }, { "lang": "es", "value": "Plone 3.3 hasta la versi\u00f3n 5.1a1 permite a atacantes remotos obtener informaci\u00f3n sobre la ID de contenido sensible a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2016-4042", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-24T20:59:00.330", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-23 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20200121 | Vendor Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher | Vendor Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C642969-E7A3-4ED4-B9DB-ADD9047F5873", "versionEndIncluding": "5.2.1", "versionStartIncluding": "5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site." }, { "lang": "es", "value": "Un problema de tipo XSS en el campo title en Plone versiones 5.0 hasta 5.2.1, permite a usuarios con un determinado nivel de privilegio insertar JavaScript que ser\u00e1 ejecutado cuando otros usuarios accedan al sitio." } ], "id": "CVE-2020-7937", "lastModified": "2024-11-21T05:38:02.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-23T21:15:13.270", "references": [ { "source": "cve@mitre.org", 
"tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors." }, { "lang": "es", "value": "ftp.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer el contenido de carpetas escondidas a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-5503", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.733", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/19" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Severity ?
Summary
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive." 
}, { "lang": "es", "value": "zip.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 no fuerza debidamente restricciones de acceso cuando incluye contenido en un archivo zip, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de un archivo generado." } ], "id": "CVE-2013-4191", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-11T19:37:02.473", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=978453" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-07 16:59
Modified
2025-04-20 01:37
Summary
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*", "matchCriteriaId": "E3642637-8B6D-40A0-9A60-EACE70BB0490", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "A98F25E9-C852-458A-B6B9-656B81CC0D33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], 
"cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la infraestructura de comprobaci\u00f3n de URL en Plone CMS 5.x hasta la versi\u00f3n 5.0.6, 4.x hasta la versi\u00f3n 4.3.11 y 3.3.x hasta la versi\u00f3n 3.3.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2016-7138", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-07T16:59:01.057", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92752" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Summary
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed)." 
}, { "lang": "es", "value": "(1) cb_decode.py y (2) linkintegrity.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de un archivo zip grande, el cual es expandido (descomprimido)." } ], "id": "CVE-2013-4199", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-11T19:37:02.850", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978482" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=978482" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-30 19:15
Modified
2024-11-21 05:23
Severity ?
Summary
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/plone/Products.CMFPlone/issues/3209 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.misakikata.com/codes/plone/python-en.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/plone/Products.CMFPlone/issues/3209 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.misakikata.com/codes/plone/python-en.html | Broken Link |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BD82FD3-BE50-4B23-AF04-9FDF79E5B748", "versionEndExcluding": "5.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role." }, { "lang": "es", "value": "Plone versiones anteriores a 5.2.3, permite ataques de tipo XXE por medio de una funcionalidad que solo est\u00e1 disponible expl\u00edcitamente para el rol de administrador." } ], "id": "CVE-2020-28734", "lastModified": "2024-11-21T05:23:09.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-30T19:15:13.263", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "source": "cve@mitre.org", 
"tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en (1) spamProtect.py, (2) pts.py y (3) request.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-4190", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-11T19:37:02.457", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978451" } ], 
"sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-07 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 | |
plone | plone | 4.3.3 | |
plone | plone | 4.3.4 | |
plone | plone | 4.3.5 | |
plone | plone | 4.3.6 | |
plone | plone | 4.3.7 | |
plone | plone | 4.3.8 | |
plone | plone | 4.3.9 | |
plone | plone | 4.3.10 | |
plone | plone | 4.3.11 | |
plone | plone | 5.0 | |
plone | plone | 5.0 | |
plone | plone | 5.0 | |
plone | plone | 5.0 | |
plone | plone | 5.0 | |
plone | plone | 5.0.1 | |
plone | plone | 5.0.2 | |
plone | plone | 5.0.3 | |
plone | plone | 5.0.4 | |
plone | plone | 5.0.5 | |
plone | plone | 5.0.6 | |
plone | plone | 5.1a1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*", "matchCriteriaId": "E3642637-8B6D-40A0-9A60-EACE70BB0490", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "A98F25E9-C852-458A-B6B9-656B81CC0D33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en Plone CMS 5.x hasta la versi\u00f3n 5.0.6 y 4.2.x hasta la versi\u00f3n 4.3.11 permite a administradores remotos leer archivos arbitrarios a trav\u00e9s de .. (punto punto) en el par\u00e1metro path en una acci\u00f3n getFile a Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions." 
} ], "id": "CVE-2016-7135", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-07T16:59:00.867", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/92752" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160830/filesystem-information-leak" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160830/filesystem-information-leak" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-10-10 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | cmfeditions | 2.0a1 | |
plone | cmfeditions | 2.0b1 | |
plone | cmfeditions | 2.0b2 | |
plone | cmfeditions | 2.0b3 | |
plone | cmfeditions | 2.0b4 | |
plone | cmfeditions | 2.0b5 | |
plone | cmfeditions | 2.0b6 | |
plone | cmfeditions | 2.0b7 | |
plone | cmfeditions | 2.0b8 | |
plone | cmfeditions | 2.0b9 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.8 | |
plone | plone | 4.0.9 | |
plone | plone | 4.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2a1 | |
plone | plone | 4.2a2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:cmfeditions:2.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "1E94E45E-ADAC-4CD6-B7E9-3F7C4C501BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "AC31071B-BD99-490F-8B86-5441949AF65D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "07243926-511B-4464-96BA-B5FF2829FB2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "BBB08BCC-175E-4D97-B0E7-C5BA415DA45E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "DAA5BDE2-D9A7-4088-B32A-C10DFC931792", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "19166094-7736-4B98-A5E6-AD173ED4BC68", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "00E46DF5-093B-4194-90DE-EC156D9E308D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b7:*:*:*:*:*:*:*", "matchCriteriaId": "4CF4166A-265D-4DB7-B629-C2C729EA8BAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b8:*:*:*:*:*:*:*", "matchCriteriaId": "6582FFEB-3F3A-4F4A-83A5-56DB5F66C1E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:cmfeditions:2.0b9:*:*:*:*:*:*:*", "matchCriteriaId": "B05ADE03-C904-4923-8931-28B154A3D01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*", "matchCriteriaId": "3CA5A1E3-EC1E-482D-B074-1304FBF963F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*", "matchCriteriaId": "1DE6064F-67CC-4DA5-A4A8-D9E1F701B1A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587." 
}, { "lang": "es", "value": "El componente CMFEditions v2.x en Plone v4.0.x hasta v4.0.9, v4.1, y v4.2 hasta v4.2a2 no previene clases KwAsAttributes publicables, lo que permite a atacantes remotos acceder a sub-objetos a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente que CVE-2011-3587." } ], "id": "CVE-2011-4030", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-10-10T10:55:06.957", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/46323" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/50287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/50287" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-03 20:29
Modified
2024-11-21 03:04
Summary
By linking to a specific URL in Plone 2.5 through 5.1rc1 with a crafted parameter, an attacker can redirect the visitor to a website of the attacker's choosing (an open redirect; NVD classifies it as CWE-601). On its own this is of limited value, since the attacker could just as easily link directly to their own site. Combined with another step, however, a victim could be sent to the genuine Plone login form, log in there, be redirected to the specific URL, and then be redirected a second time to the attacker's site — a chain that lends the attacker's page the credibility of a legitimate Plone login. (The specific URL can be seen by inspecting the hotfix code; the advisory deliberately does not spell it out.)
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "6CBF50C9-1710-48F6-ADD7-E23C10385726", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "6D8DAC05-E1F0-4791-9B98-2AC0A370E885", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "191E3004-2D6C-4F15-99C5-6E9B78606712", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "41CCC319-0F03-4DD4-8D99-32402A1E2B98", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B31894A8-1122-4212-8521-2E741321B6A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "862A10FA-5E6F-4AEB-89E9-279DEDE9F596", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*", "matchCriteriaId": "39E8A13F-B8F8-490D-AB5D-E8FF5EA0490B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*", "matchCriteriaId": "DD34F775-A365-4B65-8F60-F09EDD57B2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b2:*:*:*:*:*:*", "matchCriteriaId": "EDBCFF87-68FE-4A1B-90AE-DB0ABC814A1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b3:*:*:*:*:*:*", "matchCriteriaId": "811AB79A-14F9-46A1-BF30-8BFA65E555F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b4:*:*:*:*:*:*", "matchCriteriaId": "F592B13B-6AC0-4E0F-9860-E7A9EC994EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "3ADCF80F-A850-4050-8540-99D9B514D6ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. 
But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don\u0027t want to make it too easy for attackers by spelling it out here.)" }, { "lang": "es", "value": "Al enlazar a una URL espec\u00edfica en Plone 2.5-5.1rc1 con un par\u00e1metro, un atacante podr\u00eda enviarte a su propia p\u00e1gina web. Por s\u00ed mismo, no es tan malo: al atacante le resultar\u00eda m\u00e1s sencillo enlazar directamente a su propio sitio web. Pero, en combinaci\u00f3n con otro ataque, podr\u00edas ser enviado al formulario de inicio de sesi\u00f3n de Plone, iniciar la sesi\u00f3n, ser redirigido a la URL espec\u00edfica y volver a ser redireccionado al sitio web del atacante. (La URL espec\u00edfica puede verse inspeccionando el c\u00f3digo del hotfix, pero no queremos pon\u00e9rselo f\u00e1cil a los atacantes poni\u00e9ndolo por aqu\u00ed)." 
} ], "id": "CVE-2017-1000484", "lastModified": "2024-11-21T03:04:50.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-03T20:29:00.580", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-11 18:06
Modified
2025-04-03 01:03
Summary
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "C577B46C-7692-4B6F-B487-A28F73D403F1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits." } ], "id": "CVE-2006-1711", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-11T18:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://dev.plone.org/plone/ticket/5432" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19633" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19640" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1032" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17484" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1340" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25781" }, { "source": "cve@mitre.org", "url": "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.plone.org/plone/ticket/5432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-03 22:55
Modified
2025-04-12 10:46
Summary
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C49083E-AD3B-47DD-A66B-911912EF46B3", "versionEndIncluding": "2.13.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2)." 
}, { "lang": "es", "value": "Zope anterior a 2.13.19, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, no resiembra el generador de n\u00fameros seudo aleatorios (PRNG), lo que facilita a atacantes remotos adivinar el valor a trav\u00e9s de vectores no especificados. NOTA: este problema fue dividido (SPLIT) de CVE-2012-5508 debido a tipos diferentes de vulnerabilidades (ADT2)." } ], "id": "CVE-2012-6661", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-03T22:55:05.930", "references": [ { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "source": "cve@mitre.org", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "cve@mitre.org", "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/24" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-23 21:15
Modified
2024-11-21 05:38
Summary
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20200121 | Vendor Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content | Vendor Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "1082D19E-F807-428D-B814-EAF892A5EFF1", "versionEndIncluding": "5.2.1", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission." }, { "lang": "es", "value": "Un problema de escalada de privilegios en plone.app.contenttypes en Plone versiones 4.3 hasta 5.2.1, permite a usuarios COLOCAR (sobrescribir) parte del contenido sin necesario un permiso de escritura." } ], "id": "CVE-2020-7941", "lastModified": "2024-11-21T05:38:03.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-23T21:15:13.583", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns." }, { "lang": "es", "value": "python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un valor grande, relacionado con formatColumns." } ], "id": "CVE-2012-5499", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.563", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ 
"Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/15" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-03 18:29
Modified
2024-11-21 03:04
Severity ?
Summary
Private content can be accessed via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This fix improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "6CBF50C9-1710-48F6-ADD7-E23C10385726", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "6D8DAC05-E1F0-4791-9B98-2AC0A370E885", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "191E3004-2D6C-4F15-99C5-6E9B78606712", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "41CCC319-0F03-4DD4-8D99-32402A1E2B98", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B31894A8-1122-4212-8521-2E741321B6A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "862A10FA-5E6F-4AEB-89E9-279DEDE9F596", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "646C7460-03B8-4F38-9DD8-404299F10E88", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*", "matchCriteriaId": "39E8A13F-B8F8-490D-AB5D-E8FF5EA0490B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*", "matchCriteriaId": "DD34F775-A365-4B65-8F60-F09EDD57B2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b2:*:*:*:*:*:*", "matchCriteriaId": "EDBCFF87-68FE-4A1B-90AE-DB0ABC814A1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b3:*:*:*:*:*:*", "matchCriteriaId": "811AB79A-14F9-46A1-BF30-8BFA65E555F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b4:*:*:*:*:*:*", "matchCriteriaId": "F592B13B-6AC0-4E0F-9860-E7A9EC994EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "3ADCF80F-A850-4050-8540-99D9B514D6ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. 
Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5." }, { "lang": "es", "value": "Acceso a contenido privado mediante str.format plantillas y scripts a trav\u00e9s de la web en Plone 2.5-5.1rc1. Esto mejora un hotfix anterior. Debido a que el m\u00e9todo format se introdujo en Python 2.6, esta parte del hotfix solo es relevante para Plone 4 y 5." } ], "id": "CVE-2017-1000483", "lastModified": "2024-11-21T03:04:50.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-03T18:29:00.493", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20171128/sandbox-escape" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20171128/sandbox-escape" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-07 23:28
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to \"masquerade as a group.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en PlonePAS en Plone 2.5 y 2.5.1, cuando est\u00e1 habilitado el registro de miembros an\u00f3nimos, permite a un atacante \"hacerse pasar por un grupo\"." } ], "id": "CVE-2006-4249", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-07T23:28:00.000", "references": [ { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/about/security/advisories/cve-2006-4249/" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23240" }, { "source": "security@debian.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21460" }, { "source": "security@debian.org", "url": "http://www.vupen.com/english/advisories/2006/4878" }, { "source": 
"security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/about/security/advisories/cve-2006-4249/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30762" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-07 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*", "matchCriteriaId": "E3642637-8B6D-40A0-9A60-EACE70BB0490", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "A98F25E9-C852-458A-B6B9-656B81CC0D33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], 
"cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en la p\u00e1gina ZMI en Zope2 en Plone CMS 5.x hasta la versi\u00f3n 5.0.6, 4.x hasta la versi\u00f3n 4.3.11 y 3.3.x hasta la versi\u00f3n 3.3.6 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2016-7140", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-07T16:59:01.180", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92752" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Summary
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL." }, { "lang": "es", "value": "uid_catalog.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos obtener metadatos sobre objetos escondidos a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2012-5492", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.173", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/08" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-25 17:29
Modified
2025-04-20 01:37
Summary
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 3.3.6 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.8 | |
plone | plone | 4.0.9 | |
plone | plone | 4.0.10 | |
plone | plone | 4.1 | |
plone | plone | 4.1.1 | |
plone | plone | 4.1.2 | |
plone | plone | 4.1.3 | |
plone | plone | 4.1.4 | |
plone | plone | 4.1.5 | |
plone | plone | 4.1.6 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 | |
plone | plone | 4.3.3 | |
plone | plone | 4.3.4 | |
plone | plone | 4.3.5 | |
plone | plone | 4.3.6 | |
plone | plone | 5.0 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1." 
}, { "lang": "es", "value": "Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Plone desde la versi\u00f3n 3.3.0 hasta la versi\u00f3n 3.3.6, desde la 4.0.0 hasta la 4.0.10, desde la 4.1.0 hasta la 4.1.6, desde la 4.2.0 hasta la 4.2.7, en las versiones 4.3.x anteriores a la 4.3.7 y 5.0rc1." } ], "id": "CVE-2015-7316", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-25T17:29:00.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/14" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087" 
}, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access." }, { "lang": "es", "value": "python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de una solicitud de alimentaci\u00f3n RSS para una carpeta al cual el usuario no tiene permiso de acceso." } ], "id": "CVE-2012-5506", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.907", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" 
], "url": "https://plone.org/products/plone/security/advisories/20121106/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/22" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Severity ?
Summary
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors." }, { "lang": "es", "value": "sendto.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permite a usuarios remotos autenticados falsificar emails a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2013-4192", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-11T19:37:02.787", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978464" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978464" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-03 18:29
Modified
2024-11-21 03:04
Severity ?
Summary
A member (i.e. an authenticated user) of a Plone 2.5 through 5.1rc1 site could set JavaScript in the home_page property of their profile and have it executed when a visitor clicks the home page link on the author page (stored cross-site scripting, CWE-79).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "971A623D-32CD-41A2-9659-2A73787863AA", "versionEndIncluding": "5.0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*", "matchCriteriaId": "39E8A13F-B8F8-490D-AB5D-E8FF5EA0490B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*", "matchCriteriaId": "DD34F775-A365-4B65-8F60-F09EDD57B2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b2:*:*:*:*:*:*", "matchCriteriaId": "EDBCFF87-68FE-4A1B-90AE-DB0ABC814A1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b3:*:*:*:*:*:*", "matchCriteriaId": "811AB79A-14F9-46A1-BF30-8BFA65E555F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:b4:*:*:*:*:*:*", "matchCriteriaId": "F592B13B-6AC0-4E0F-9860-E7A9EC994EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "3ADCF80F-A850-4050-8540-99D9B514D6ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page." }, { "lang": "es", "value": "Un miembro del sitio de Plone 2.5-5.1rc1 podr\u00eda introducir JavaScript en la propiedad home_page de su perfil, y hacer que se ejecute cuando un visitante hace clic en el enlace de la p\u00e1gina de inicio en la p\u00e1gina del autor." 
} ], "id": "CVE-2017-1000482", "lastModified": "2024-11-21T03:04:49.987", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-03T18:29:00.447", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-23 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/01/18/6 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/95679 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://plone.org/security/hotfix/20170117/sandbox-escape | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/01/18/6 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95679 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20170117/sandbox-escape | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.8 | |
plone | plone | 4.0.9 | |
plone | plone | 4.0.10 | |
plone | plone | 4.1 | |
plone | plone | 4.1.1 | |
plone | plone | 4.1.2 | |
plone | plone | 4.1.3 | |
plone | plone | 4.1.4 | |
plone | plone | 4.1.5 | |
plone | plone | 4.1.6 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 | |
plone | plone | 4.3.3 | |
plone | plone | 4.3.4 | |
plone | plone | 4.3.5 | |
plone | plone | 4.3.6 | |
plone | plone | 4.3.7 | |
plone | plone | 4.3.8 | |
plone | plone | 4.3.9 | |
plone | plone | 4.3.10 | |
plone | plone | 4.3.11 | |
plone | plone | 5.0 | |
plone | plone | 5.0 rc1 | |
plone | plone | 5.0 rc2 | |
plone | plone | 5.0 rc3 | |
plone | plone | 5.0.1 | |
plone | plone | 5.0.2 | |
plone | plone | 5.0.3 | |
plone | plone | 5.0.4 | |
plone | plone | 5.0.5 | |
plone | plone | 5.0.6 | |
plone | plone | 5.1 | |
plone | plone | 5.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*", "matchCriteriaId": "39E8A13F-B8F8-490D-AB5D-E8FF5EA0490B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*", "matchCriteriaId": "DD34F775-A365-4B65-8F60-F09EDD57B2EF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method." }, { "lang": "es", "value": "Plone 4.x en versiones hasta 4.3.11 y 5.x en versiones hasta 5.0.6 permiten a atacantes remotos evitar un mecanismo de protecci\u00f3n sandbox y obtener informaci\u00f3n sensible aprovechando el m\u00e9todo de formato de cadenas Python." 
} ], "id": "CVE-2017-5524", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-23T16:59:00.527", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/18/6" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95679" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20170117/sandbox-escape" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/18/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20170117/sandbox-escape" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-02 14:55
Modified
2025-04-12 10:46
Summary
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 3.3.6 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.9 | |
plone | plone | 4.1 | |
plone | plone | 4.1.1 | |
plone | plone | 4.1.2 | |
plone | plone | 4.1.3 | |
plone | plone | 4.1.4 | |
plone | plone | 4.1.5 | |
plone | plone | 4.1.6 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope." }, { "lang": "es", "value": "Products/CMFPlone/FactoryTool.py en Plone 3.3 hasta 4.3.2 permite a atacantes remotos obtener la ruta de instalaci\u00f3n a trav\u00e9s de vectores relacionados con un objeto de archivo para documentaci\u00f3n no especificada que es inicializada en el \u00e1mbito de clase." 
} ], "id": "CVE-2013-7060", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-02T14:55:05.340", "references": [ { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/20131210/path-leak" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/20131210/path-leak" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-21 22:15
Modified
2024-11-21 06:08
Summary
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "153836BA-1944-498A-BF06-D4096478757A", "versionEndIncluding": "5.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document." }, { "lang": "es", "value": "Plone versiones hasta 5.2.4, permite un ataque de tipo XSS almacenado (por un Colaborador) al cargar un documento SVG o HTML" } ], "id": "CVE-2021-33512", "lastModified": "2024-11-21T06:08:59.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-21T22:15:08.630", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Summary
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id." }, { "lang": "es", "value": "z3c.form, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, permite a atacantes remotos obtener los valores de los campos de formularios por defecto mediante el aprovechamiento de conocimientos de la localizaci\u00f3n de formularios y el elemento id." } ], "id": "CVE-2012-5491", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.110", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/products/plone/security/advisories/20121106/07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/07" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-24 12:17
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform. Note: although the description says "through 3.3.4", the NVD configuration below also marks 3.3.5 as vulnerable; treat the presence of hotfix 20100612 (the referenced vendor patch), not the 3.3.x version number alone, as the indicator that a site is fixed.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en PortalTransforms en Plone v2.1 hasta v3.3.4 anterior hotfix 20100612 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de safe_html transform. 
\r\n" } ], "id": "CVE-2010-2422", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-06-24T12:17:44.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40270" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/40999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/40999" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-10-10 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.8 | |
plone | plone | 4.0.9 | |
plone | plone | 4.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2a1 | |
plone | plone | 4.2a2 | |
zope | zope | 2.12.0 | |
zope | zope | 2.12.0 a1 | |
zope | zope | 2.12.0 a2 | |
zope | zope | 2.12.0 a3 | |
zope | zope | 2.12.0 a4 | |
zope | zope | 2.12.0 b1 | |
zope | zope | 2.12.0 b2 | |
zope | zope | 2.12.0 b3 | |
zope | zope | 2.12.0 b4 | |
zope | zope | 2.12.1 | |
zope | zope | 2.12.2 | |
zope | zope | 2.12.3 | |
zope | zope | 2.12.4 | |
zope | zope | 2.12.5 | |
zope | zope | 2.12.6 | |
zope | zope | 2.12.7 | |
zope | zope | 2.12.8 | |
zope | zope | 2.12.9 | |
zope | zope | 2.12.10 | |
zope | zope | 2.12.11 | |
zope | zope | 2.12.12 | |
zope | zope | 2.12.13 | |
zope | zope | 2.12.14 | |
zope | zope | 2.12.15 | |
zope | zope | 2.12.16 | |
zope | zope | 2.12.17 | |
zope | zope | 2.12.18 | |
zope | zope | 2.12.19 | |
zope | zope | 2.12.20 | |
zope | zope | 2.13.0 | |
zope | zope | 2.13.0 a1 | |
zope | zope | 2.13.0 a2 | |
zope | zope | 2.13.0 a3 | |
zope | zope | 2.13.0 a4 | |
zope | zope | 2.13.0 b1 | |
zope | zope | 2.13.0 c1 | |
zope | zope | 2.13.1 | |
zope | zope | 2.13.2 | |
zope | zope | 2.13.3 | |
zope | zope | 2.13.4 | |
zope | zope | 2.13.5 | |
zope | zope | 2.13.6 | |
zope | zope | 2.13.7 | |
zope | zope | 2.13.8 | |
zope | zope | 2.13.9 | |
zope | zope | 2.13.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*", "matchCriteriaId": "3CA5A1E3-EC1E-482D-B074-1304FBF963F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*", "matchCriteriaId": "1DE6064F-67CC-4DA5-A4A8-D9E1F701B1A5", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2704CA8B-2AB3-48C7-85DC-66F9AD667E0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:a1:*:*:*:*:*:*", "matchCriteriaId": "020F418B-589E-4864-89DB-29AAFBF41491", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:a2:*:*:*:*:*:*", "matchCriteriaId": "FCE1948E-7DA4-4F5B-8BE0-6F775356F286", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:a3:*:*:*:*:*:*", "matchCriteriaId": "44497A5B-01FC-4931-A478-5BC1C0E2E155", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:a4:*:*:*:*:*:*", "matchCriteriaId": "D53DE247-B6F9-43B5-A1C8-631183AF5FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:b1:*:*:*:*:*:*", "matchCriteriaId": "0F6993A9-74C2-443B-8C58-FA5BA972573C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:b2:*:*:*:*:*:*", "matchCriteriaId": "029814EB-380B-4DE5-8E79-7DA8D3C78C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:b3:*:*:*:*:*:*", "matchCriteriaId": "BA8E46A4-1706-4E2D-9353-3E7F9C70E405", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:b4:*:*:*:*:*:*", "matchCriteriaId": "CFF98E8F-3D3D-477E-A750-59C26156FD1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB0F8805-2E74-40F6-BAE1-DB8187043611", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD3A0116-BDE0-490A-8CE6-0B4B0E003887", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "73D8DF4A-46E9-4D1F-88DF-2C0EB274B280", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "CCB94584-6842-429F-A5E5-DFB3037B1DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "6A3CB9CA-8F81-4E9B-B334-83D28DFBB44D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zope:zope:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "0262630B-153C-47D8-A852-ADCADED1B4B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "8B5E37A4-EE2F-4DCA-928F-553EDD487A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "6DD494AD-C46F-455E-941B-8B6135EB3566", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B485846-EC9D-426C-BFE0-A9E647D6C65D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E814BB0A-D5D3-4756-8135-0A7EFF9D8538", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.11:*:*:*:*:*:*:*", "matchCriteriaId": "A638BB63-7F91-4A5E-9FEC-C19E2A585CB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.12:*:*:*:*:*:*:*", "matchCriteriaId": "98FD488D-8C25-4553-8F3E-E4AEACCBD23F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.13:*:*:*:*:*:*:*", "matchCriteriaId": "821C6F9D-B9F5-4525-870C-1F57943B008C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.14:*:*:*:*:*:*:*", "matchCriteriaId": "4BB9641A-97D9-4AC7-85F8-1604D5EBFECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.15:*:*:*:*:*:*:*", "matchCriteriaId": "C0F5B68D-E59B-4605-869D-7FD5CCD7C6B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.16:*:*:*:*:*:*:*", "matchCriteriaId": "14D1EA26-9BB1-4917-94BC-2E08864770FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.17:*:*:*:*:*:*:*", "matchCriteriaId": "8EEB553C-21A6-4670-A37A-C2A7D360512D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.18:*:*:*:*:*:*:*", "matchCriteriaId": "5767213A-DD93-4FDF-9E0E-B90814D71BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.19:*:*:*:*:*:*:*", "matchCriteriaId": "89E07BBF-DDAC-46E0-85E5-EAF01C8D3747", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zope:zope:2.12.20:*:*:*:*:*:*:*", "matchCriteriaId": "46DF34B7-E1E9-4A28-B5D3-8ACDA2B0DDBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "9050973E-3A55-4601-B03E-138C3187F858", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:a1:*:*:*:*:*:*", "matchCriteriaId": "9B7A80F2-F98D-4147-971D-C0C8CC61171A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:a2:*:*:*:*:*:*", "matchCriteriaId": "20900397-13D4-423F-B34A-B9CF7E664290", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:a3:*:*:*:*:*:*", "matchCriteriaId": "9D678FB1-C5EB-49DF-BAAD-81BB12AAA9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:a4:*:*:*:*:*:*", "matchCriteriaId": "4894BEE3-918A-4391-8EEC-37A5C0037E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:b1:*:*:*:*:*:*", "matchCriteriaId": "AE1ADEFB-09F4-4677-853D-670AC646C319", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:c1:*:*:*:*:*:*", "matchCriteriaId": "5BB1F4C5-4F42-40F5-9180-ED60257BD7BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1CD5888-B251-40B4-AF2D-F84ADCA66ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "68EAFD75-6FA4-44D4-8F7E-4A1ADE2FE48C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "6623BA51-B166-41B6-A5AD-8230AD866B76", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "F9FE75C9-A9F0-40DB-B808-EC6015DE6613", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "5C04B10C-5E7F-4FB8-9EF0-A27C7E1B938A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "D23B7F57-303C-41CE-8183-BE98799CB725", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "C42775B2-DF65-4CFE-9D75-4718AE19F994", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "58756ADE-20C0-42E3-8732-CADF383D42C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "E0E75387-929B-44C0-BC03-EA3B89B724D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "DFD7C03B-191C-414D-961D-A572481ACA19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Zope v2.12.x y v2.13.x, tal como se usa en Plone v4.0.x hasta v4.0.9., v4.1, y v4.2 hasta v4.2a2, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores relacionados con el p_ class en OFS/misc_.py y el uso de m\u00f3dulos Python." 
} ], "id": "CVE-2011-3587", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-10-10T10:55:06.787", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20110928" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46221" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/46323" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20110928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20110928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742297" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-21 22:15
Modified
2024-11-21 06:08
Severity ?
Summary
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. Note: the NVD configuration below records the 2.5.1 bound against the zope:zope CPE (versionEndExcluding 2.5.1) rather than against Products.CMFCore, and has no entry for Products.PluggableAuthService at all; when checking exposure, compare the installed Products.CMFCore and Products.PluggableAuthService package versions named here rather than relying on the Zope version match.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "801F96D6-B2E2-4BA9-9208-7DB0B327BB93", "versionEndIncluding": "4.3.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "49BC6F68-1C5B-4EE6-AF9C-5C28E86CC669", "versionEndIncluding": "5.2.4", "versionStartIncluding": "5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E831566-05DD-4090-A035-1E88806B67B4", "versionEndExcluding": "2.5.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS." }, { "lang": "es", "value": "Zope Products.CMFCore. versiones anteriores a 2.5.1, y Products.PluggableAuthService versiones anteriores a 2.6.2, como es usado en Plone versiones hasta 5.2.4, y otros productos, permiten un ataque de tipo XSS Reflejado" } ], "id": "CVE-2021-33507", "lastModified": "2024-11-21T06:08:58.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", 
"scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-21T22:15:08.470", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-21 14:15
Modified
2024-11-21 06:07
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N (source: security-advisories@github.com, secondary)
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (source: nvd@nist.gov, primary)
Summary
Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "801F96D6-B2E2-4BA9-9208-7DB0B327BB93", "versionEndIncluding": "4.3.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "49BC6F68-1C5B-4EE6-AF9C-5C28E86CC669", "versionEndIncluding": "5.2.4", "versionStartIncluding": "5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*", "matchCriteriaId": "AED4C9A0-041A-4646-B34B-901DD7EA0652", "versionEndExcluding": "4.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*", "matchCriteriaId": "34E88218-F6D6-45B7-B3CC-F97EF7FA2E22", "versionEndExcluding": "5.2", "versionStartIncluding": "5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only." 
}, { "lang": "es", "value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto.\u0026#xa0;En las versiones de Zope anteriores a 4.6 y 5.2, los usuarios pueden acceder a m\u00f3dulos que no son confiables indirectamente por medio de m\u00f3dulos de Python que est\u00e1n disponibles para uso directo.\u0026#xa0;Por defecto, solo los usuarios con la funci\u00f3n de administrador pueden agregar o editar Zope Page Templates por medio de la web, pero los sitios que permiten a usuarios no confiables agregar y editar plantillas de p\u00e1gina de Zope por medio de la web est\u00e1n en riesgo de esta vulnerabilidad.\u0026#xa0;El problema se ha solucionado en Zope versiones 5.2 y 4.6.\u0026#xa0;Como soluci\u00f3n alternativa, un administrador del sitio puede restringir la adici\u00f3n y edici\u00f3n de plantillas de p\u00e1gina Zope por medio de la web utilizando los mecanismos est\u00e1ndar de permisos user/role de Zope. Usuarios no confiables no debe ser asignado el rol de administrador de Zope y Zope Page Templates de adici\u00f3n y edici\u00f3n por medio de la web debe estar restringida solo a usuarios confiables" } ], "id": "CVE-2021-32633", "lastModified": "2024-11-21T06:07:25.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-21T14:15:07.977", "references": [ { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-21 22:15
Modified
2024-11-21 06:08
Severity ?
Summary
Plone through 5.2.4 allows remote authenticated users holding the Manager role to conduct server-side request forgery (SSRF) attacks via an event's iCal URL; the forged request can be used to read one line of a file. Addressed by the Plone 20210518 hotfix referenced below.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "153836BA-1944-498A-BF06-D4096478757A", "versionEndIncluding": "5.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file." }, { "lang": "es", "value": "Plone versiones hasta 5.2.4, permite a administradores autenticados remotos conducir ataques de tipo SSRF por medio de una URL de evento para leer una l\u00ednea de un archivo" } ], "id": "CVE-2021-33510", "lastModified": "2024-11-21T06:08:59.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-21T22:15:08.567", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { 
"source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Severity ?
Summary
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows unauthenticated remote attackers to obtain sensitive information via a crafted URL: the resulting error message reveals the server-side installation path. Addressed by the Plone 20130618 hotfix referenced below.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message." 
}, { "lang": "es", "value": "El componente WYSIWYG (wysiwyg.py) en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una URL manipulada, lo que revela la ruta de instalaci\u00f3n en un mensaje de error." } ], "id": "CVE-2013-4194", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-11T19:37:02.803", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978470" } ], 
"sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11 (the upstream advisory text reads "3.13.x", a typo; the affected Zope CPE range below ends at 2.13.10), as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*", "matchCriteriaId": "68DFE77F-FB22-49E7-A4EF-AB3DA40F419A", "versionEndIncluding": "2.13.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "484BD5DA-B3D7-41C4-8E02-AE8C4EBEC5A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "60254EFC-026C-41A9-8587-ED22B2570CCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "98388A7B-2DE4-4C40-9135-EB4BAD6BC69E", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E296CD1C-2601-4A63-9E9D-38A39C84BF5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "EAA38381-4C32-4C55-8116-341028D1888A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1B294E38-65FD-474D-BABC-9447EF33202A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "685805FD-1A33-480E-A313-255EDF0B5266", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "D827148D-4A8A-41DB-91B6-0049706D53D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "0273EF1B-BC64-432F-8966-68547DFAD6BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"244107E5-42B0-4695-BBC9-5B90AD0A1336", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2759CCE-3A1F-4E3F-9832-8BF3AA4F20F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "C0279FD6-9E30-429A-BB70-9B7AF7055160", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "6561FF26-91C5-40AF-8AA6-E98D295AC33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF323F8-6F93-46CB-A94C-B0774C54188F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "0EF07C5D-DE44-409F-87B6-FB713BAF2547", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "AACD00C8-F451-4B27-855F-57B6F38A28E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "0A85B5F4-C731-45F7-801F-8399B06EE135", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "52629E94-50DC-4F00-8F96-217F4F2B82B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "92CC66BD-4B63-4CA5-9F4E-A5F1FC6A86DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "68155E38-F337-42CE-AE30-9482EBED8EA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7994032-FEBB-4FD3-9808-A7B277CAD8A7", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:zope:zope:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "C675DA8E-D981-4CFE-8EF7-04FD187DC5CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "9050973E-3A55-4601-B03E-138C3187F858", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1CD5888-B251-40B4-AF2D-F84ADCA66ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "68EAFD75-6FA4-44D4-8F7E-4A1ADE2FE48C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "6623BA51-B166-41B6-A5AD-8230AD866B76", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "F9FE75C9-A9F0-40DB-B808-EC6015DE6613", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "5C04B10C-5E7F-4FB8-9EF0-A27C7E1B938A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "D23B7F57-303C-41CE-8183-BE98799CB725", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "C42775B2-DF65-4CFE-9D75-4718AE19F994", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "58756ADE-20C0-42E3-8732-CADF383D42C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "E0E75387-929B-44C0-BC03-EA3B89B724D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors." 
}, { "lang": "es", "value": "La funci\u00f3n App.Undo.UndoSupport.get_request_var_or_attr en Zope anterior a 2.12.21 y 3.13.x anterior a 2.13.11, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, permite a usuarios remotos autenticados ganar el acceso a atributos restringidos a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-5489", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.000", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/zope2/+bug/1079238" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/05" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/zope2/+bug/1079238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/05" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plonepas:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACA0C288-C190-41CB-8B86-B5C791D906E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plonepas:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E832934C-0738-47D2-A3DA-16040EA41C40", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plonepas:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9535495-6677-49F9-BDE1-F7472899C3C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plonepas:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "447AB0B6-4016-4DD4-9151-1D90BE8B70D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plonepas:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7969846-24D4-4AE9-858D-A4292A65AADB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plonepas:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5A230672-0497-45C8-A511-BAD673193C25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E87B987-557F-49BB-A837-34142D9C3761", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors." }, { "lang": "es", "value": "El producto PlonePAS 3.x anterior a la version 3.9 y 3.2.x en versiones anteriores a la 3.2.2, un producto para Plone, no maneja adecuadamente el formulario de login, lo que permite a atacantes remotos autenticados adquirir la identidad de un usuario de su elecci\u00f3n a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2009-0662", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-04-23T17:30:01.640", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/53975" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/cve-2009-0662" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34840" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34664" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/cve-2009-0662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34840" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50061" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-03 22:55
Modified
2025-04-12 10:46
Severity ?
Summary
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope." }, { "lang": "es", "value": "Las p\u00e1ginas de errores en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permiten a atacantes remotos obtener n\u00fameros aleatorios y derivar el estado PRNG para la restablecimiento de contrase\u00f1as a trav\u00e9s de vectores no especificados. NOTA: este identificador fue dividido (SPLIT) per ADT2 debido a tipos diferentes de vulnerabilidades. 
CVE-2012-6661 fue asignado para el problema de la reinicializaci\u00f3n del PRNG en Zope." } ], "id": "CVE-2012-5508", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-03T22:55:05.883", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plone.org/products/plone-hotfix/releases/20121124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/products/plone/security/advisories/20121106/24" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-07 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer request parameter (not the HTTP Referer header) to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b/portlets.Actions, or via the (3) came_from parameter to /login_form.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*", "matchCriteriaId": "E3642637-8B6D-40A0-9A60-EACE70BB0490", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "A98F25E9-C852-458A-B6B9-656B81CC0D33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], 
"cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de redirecci\u00f3n abierta en Plone CMS 5.x hasta la versi\u00f3n 5.0.6, 4.x hasta la versi\u00f3n 4.3.11 y 3.3.x hasta la versi\u00f3n 3.3.6 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de URL en el par\u00e1metro referer a (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions o (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions o el par\u00e1metro (3) came_from a /login_form." 
} ], "id": "CVE-2016-7137", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-07T16:59:00.960", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/92752" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-07 16:59
Modified
2025-04-20 01:37
Summary
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.8 | |
plone | plone | 4.0.9 | |
plone | plone | 4.0.10 | |
plone | plone | 4.1 | |
plone | plone | 4.1.1 | |
plone | plone | 4.1.2 | |
plone | plone | 4.1.3 | |
plone | plone | 4.1.4 | |
plone | plone | 4.1.5 | |
plone | plone | 4.1.6 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 | |
plone | plone | 4.3.3 | |
plone | plone | 4.3.4 | |
plone | plone | 4.3.5 | |
plone | plone | 4.3.6 | |
plone | plone | 4.3.7 | |
plone | plone | 4.3.8 | |
plone | plone | 4.3.9 | |
plone | plone | 4.3.10 | |
plone | plone | 4.3.11 | |
plone | plone | 5.0 | |
plone | plone | 5.0 a1 | |
plone | plone | 5.0 rc1 | |
plone | plone | 5.0 rc2 | |
plone | plone | 5.0 rc3 | |
plone | plone | 5.0.1 | |
plone | plone | 5.0.2 | |
plone | plone | 5.0.3 | |
plone | plone | 5.0.4 | |
plone | plone | 5.0.5 | |
plone | plone | 5.0.6 | |
plone | plone | 5.1a1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*", "matchCriteriaId": "E3642637-8B6D-40A0-9A60-EACE70BB0490", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "A98F25E9-C852-458A-B6B9-656B81CC0D33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request." }, { "lang": "es", "value": "z3c.form en Plone CMS 5.x hasta la versi\u00f3n 5.0.6 y 4.x hasta la versi\u00f3n 4.3.11 permite a atacantes remotos llevar a cabo ataques de XSS a trav\u00e9s de una petici\u00f3n GET manipulada." 
} ], "id": "CVE-2016-7136", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-07T16:59:00.913", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/92752" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-21 16:06
Modified
2025-04-11 00:51
Summary
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the \"next\" parameter to acl_users/credentials_cookie_auth/require_login." }, { "lang": "es", "value": "El m\u00e9todo isURLInPortal en la clase URLTool en in_portal.py en Plone 2.1 a 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1, trata las URLs que comienzan con un espacio como URLs relativas, lo cual permite a atacantes sortear la propiedad de filtrado allow_external_login_sites, redirigiendo a usuarios a sitios web arbitrarios, y efectuando ataques de phishing a trav\u00e9s de un espacio antes de la URL en el par\u00e1metro \"next\" en acl_users/credentials_cookie_auth/require_login." 
} ], "id": "CVE-2013-4200", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-01-21T16:06:19.670", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/08/01/2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/08/01/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200" } ], "sourceIdentifier": 
"secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-04 05:59
Modified
2025-04-20 01:37
Summary
Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/96117 | ||
cve@mitre.org | https://plone.org/security/hotfix/20170117 | Patch, Release Notes, Vendor Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2 | Vendor Advisory | |
cve@mitre.org | https://www.curesec.com/blog/article/blog/Plone-XSS-186.html | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96117 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20170117 | Patch, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.curesec.com/blog/article/blog/Plone-XSS-186.html | Patch, Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*", "matchCriteriaId": "39E8A13F-B8F8-490D-AB5D-E8FF5EA0490B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*", "matchCriteriaId": "DD34F775-A365-4B65-8F60-F09EDD57B2EF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el componente manage_findResult en la funcionalidad de b\u00fasqueda de Zope ZMI en Plone en versiones anteriores a 4.3.12 y 5.x en versiones anteriores a 5.0.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores que implican comillas dobles. Como se demuestra por el par\u00e1metro obj_ids: tokens. NOTA: esta vulnerabilidad existe debido a una correcci\u00f3n incompleta para CVE-2016-7140." 
} ], "id": "CVE-2016-7147", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-04T05:59:00.130", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/96117" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20170117" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/96117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20170117" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-20 16:15
Modified
2024-11-21 06:21
Summary
Plone CMS before version 5.2.4 (the NVD configuration below lists every version up to, but excluding, 5.2.4 as affected) has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. User-supplied input is not properly encoded when it is echoed back into a page, so the browser can interpret it as markup or script. An attacker who can set a user fullname or upload a file — the CVSS vectors below assume a low-privileged, authenticated account (Au:S / PR:L) — can therefore execute JavaScript in the context of any victim who opens the page containing the stored payload (user interaction required, UI:R).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/download/releases/5.2.3 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20210518 | Vendor Advisory | |
cve@mitre.org | https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/download/releases/5.2.3 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20210518 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBC52412-A817-4ACD-AFD9-CE744680159B", "versionEndExcluding": "5.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user\u0027s input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim\u0027s browser if the victim opens a vulnerable page containing an XSS payload." }, { "lang": "es", "value": "Plone CMS hasta versi\u00f3n 5.2.4 presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenada en la propiedad de nombre completo del usuario y en la funcionalidad file upload.\u0026#xa0;Los datos de entrada del usuario no est\u00e1n codificados correctamente cuando son devueltos al usuario.\u0026#xa0;El navegador puede interpretar estos datos como un c\u00f3digo ejecutable y permite a un atacante ejecutar JavaScript en el contexto del navegador de la v\u00edctima si la v\u00edctima abre una p\u00e1gina vulnerable que contiene una carga \u00fatil de tipo XSS" } ], "id": "CVE-2021-3313", "lastModified": "2024-11-21T06:21:16.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", 
"userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-20T16:15:08.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://plone.org/download/releases/5.2.3" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://plone.org/download/releases/5.2.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Summary
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote, unauthenticated attackers (CVSS v2 vector Au:N below) to bypass caching and cause a denial of service (availability impact only) via a crafted request to a collection. The fix is part of the 20121106 hotfix (tagged "Patch" in the references below) and Plone 4.2.3.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection." }, { "lang": "es", "value": "queryCatalog.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos evadir el chacheo y causar una denegaci\u00f3n de servicio a trav\u00e9s de una solicitud manipulada en una colecci\u00f3n." } ], "id": "CVE-2012-5498", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.500", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/09/7" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/09/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/14" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-30 19:15
Modified
2024-11-21 05:23
Summary
Plone before 5.2.3 allows XXE (XML External Entity) attacks via a feature guarded by the plone.schemaeditor.ManageSchemata permission. That permission is "unapplied" — not explicitly granted to any role — so the feature is effectively available only to the Manager role. Note that the NVD CVSS v3.1 vector below (PR:L) assumes a lower-privileged attacker than this description implies; in a default deployment, reaching the vulnerable feature requires a Manager-level account.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/plone/Products.CMFPlone/issues/3209 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.misakikata.com/codes/plone/python-en.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/plone/Products.CMFPlone/issues/3209 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.misakikata.com/codes/plone/python-en.html | Broken Link |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BD82FD3-BE50-4B23-AF04-9FDF79E5B748", "versionEndExcluding": "5.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role)." }, { "lang": "es", "value": "Plone versiones anteriores a 5.2.3, permite ataques de tipo XXE por medio de una funcionalidad que est\u00e1 protegida por un permiso no aplicado de plone.schemaeditor.ManageSchemata (por lo tanto, solo est\u00e1 disponible para el rol de Administrador)." } ], "id": "CVE-2020-28736", "lastModified": "2024-11-21T05:23:10.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-30T19:15:13.403", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Summary
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en (1) dataitems.py, (2) get.py y (3) traverseName.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a usuarios remotos autenticados con acceso administrativo a un sub\u00e1rbol acceder a nodos por encima del sub\u00e1rbol a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2013-4189", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-11T19:37:02.457", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978450" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors." }, { "lang": "es", "value": "gtbn.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados con ciertos permisos evadir el sandbox de Python y ejecutar c\u00f3digo Python arbitrario a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-5493", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.220", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/products/plone/security/advisories/20121106/09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/09" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-03 22:55
Modified
2025-04-12 10:46
Severity ?
Summary
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request." }, { "lang": "es", "value": "La secuencias de comandos de cambio de id de batch (renameObjectsByPaths.py) en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos cambiar los t\u00edtulos de elementos del contenido mediante el aprovechamiento de un token CSRF v\u00e1lido en una solicitud manipulada." 
} ], "id": "CVE-2012-5500", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-03T22:55:05.663", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/16" } ], "sourceIdentifier": 
"secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-23 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20200121 | Vendor Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects | Vendor Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEEB200F-344C-44D0-9CFB-44C8F0158294", "versionEndIncluding": "5.2.1", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)" }, { "lang": "es", "value": "Una inyecci\u00f3n SQL en DTML o en objetos de conexi\u00f3n en Plone versiones 4.0 hasta 5.2.1, permite a usuarios llevar a cabo consultas SQL no deseadas. (Esto es un problema en Zope)." } ], "id": "CVE-2020-7939", "lastModified": "2024-11-21T05:38:03.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-23T21:15:13.397", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-11-07 21:46
Modified
2025-04-09 00:30
Severity ?
Summary
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows unauthenticated remote attackers (CVSS 2 AV:N/AC:L/Au:N) to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. Unpickling attacker-controlled data is equivalent to running attacker-supplied code, so this is pre-authentication remote code execution on the Zope/Plone process; remediate by upgrading to a fixed release or applying the vendor patch listed in the references, and treat any instance that was exposed while vulnerable as potentially compromised.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*", "matchCriteriaId": "C01E0884-D0A4-4511-AD4B-DBB09CB8080E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "C577B46C-7692-4B6F-B487-A28F73D403F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes." }, { "lang": "es", "value": "Plone 2.5 hasta 2.5.4 y 3.0 hasta 3.0.2 permite a atacantes remotos ejecutar c\u00f3digo Python de su elecci\u00f3n mediante informaci\u00f3n de red que contiene objetos \"serializados\" (pickled) para los m\u00f3dulos (1) statusmessages o (2) linkintegrity, los cuales son \"deserializados\" (unpickled) y ejecutados." 
} ], "id": "CVE-2007-5741", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-11-07T21:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/42071" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/42072" }, { "source": "cve@mitre.org", "url": "http://plone.org/about/security/advisories/cve-2007-5741" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/27530" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27559" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1405" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/26354" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3754" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://plone.org/about/security/advisories/cve-2007-5741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/27530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/26354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect versions of plone included in conga/luci packages as shipped with Red Hat Enterprise Linux 5 or Red Hat Cluster Suite for Red Hat Enterprise Linux 4.", "lastModified": "2007-11-08T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-19 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720. Because the hotfix itself is listed as affected, having applied the earlier hotfix is not sufficient: the remediation is to upgrade Zope to 2.12.19 / 2.13.8 (or a Plone release that bundles them) and to follow the corrected vendor advisory in the references.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone_hotfix_20110720:*:*:*:*:*:*:*:*", "matchCriteriaId": "72C4F762-6A49-4E9E-99DB-0952D8542F1F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2704CA8B-2AB3-48C7-85DC-66F9AD667E0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:a1:*:*:*:*:*:*", "matchCriteriaId": "020F418B-589E-4864-89DB-29AAFBF41491", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:a2:*:*:*:*:*:*", "matchCriteriaId": "FCE1948E-7DA4-4F5B-8BE0-6F775356F286", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:a3:*:*:*:*:*:*", "matchCriteriaId": "44497A5B-01FC-4931-A478-5BC1C0E2E155", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zope:zope:2.12.0:a4:*:*:*:*:*:*", "matchCriteriaId": "D53DE247-B6F9-43B5-A1C8-631183AF5FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:b1:*:*:*:*:*:*", "matchCriteriaId": "0F6993A9-74C2-443B-8C58-FA5BA972573C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:b2:*:*:*:*:*:*", "matchCriteriaId": "029814EB-380B-4DE5-8E79-7DA8D3C78C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:b3:*:*:*:*:*:*", "matchCriteriaId": "BA8E46A4-1706-4E2D-9353-3E7F9C70E405", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.0:b4:*:*:*:*:*:*", "matchCriteriaId": "CFF98E8F-3D3D-477E-A750-59C26156FD1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB0F8805-2E74-40F6-BAE1-DB8187043611", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD3A0116-BDE0-490A-8CE6-0B4B0E003887", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "73D8DF4A-46E9-4D1F-88DF-2C0EB274B280", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "CCB94584-6842-429F-A5E5-DFB3037B1DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "6A3CB9CA-8F81-4E9B-B334-83D28DFBB44D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "0262630B-153C-47D8-A852-ADCADED1B4B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "8B5E37A4-EE2F-4DCA-928F-553EDD487A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "6DD494AD-C46F-455E-941B-8B6135EB3566", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "1B485846-EC9D-426C-BFE0-A9E647D6C65D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "E814BB0A-D5D3-4756-8135-0A7EFF9D8538", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.11:*:*:*:*:*:*:*", "matchCriteriaId": "A638BB63-7F91-4A5E-9FEC-C19E2A585CB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.12:*:*:*:*:*:*:*", "matchCriteriaId": "98FD488D-8C25-4553-8F3E-E4AEACCBD23F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.13:*:*:*:*:*:*:*", "matchCriteriaId": "821C6F9D-B9F5-4525-870C-1F57943B008C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.14:*:*:*:*:*:*:*", "matchCriteriaId": "4BB9641A-97D9-4AC7-85F8-1604D5EBFECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.15:*:*:*:*:*:*:*", "matchCriteriaId": "C0F5B68D-E59B-4605-869D-7FD5CCD7C6B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.16:*:*:*:*:*:*:*", "matchCriteriaId": "14D1EA26-9BB1-4917-94BC-2E08864770FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.17:*:*:*:*:*:*:*", "matchCriteriaId": "8EEB553C-21A6-4670-A37A-C2A7D360512D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.12.18:*:*:*:*:*:*:*", "matchCriteriaId": "5767213A-DD93-4FDF-9E0E-B90814D71BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "9050973E-3A55-4601-B03E-138C3187F858", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:a1:*:*:*:*:*:*", "matchCriteriaId": "9B7A80F2-F98D-4147-971D-C0C8CC61171A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:a2:*:*:*:*:*:*", "matchCriteriaId": "20900397-13D4-423F-B34A-B9CF7E664290", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:a3:*:*:*:*:*:*", "matchCriteriaId": "9D678FB1-C5EB-49DF-BAAD-81BB12AAA9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:a4:*:*:*:*:*:*", "matchCriteriaId": "4894BEE3-918A-4391-8EEC-37A5C0037E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:b1:*:*:*:*:*:*", "matchCriteriaId": 
"AE1ADEFB-09F4-4677-853D-670AC646C319", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.0:c1:*:*:*:*:*:*", "matchCriteriaId": "5BB1F4C5-4F42-40F5-9180-ED60257BD7BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1CD5888-B251-40B4-AF2D-F84ADCA66ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "68EAFD75-6FA4-44D4-8F7E-4A1ADE2FE48C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "6623BA51-B166-41B6-A5AD-8230AD866B76", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "F9FE75C9-A9F0-40DB-B808-EC6015DE6613", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "5C04B10C-5E7F-4FB8-9EF0-A27C7E1B938A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "D23B7F57-303C-41CE-8183-BE98799CB725", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "C42775B2-DF65-4CFE-9D75-4718AE19F994", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a \"highly serious vulnerability.\" NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720." }, { "lang": "es", "value": "Vulnerabilidad no especificada en (1) Zope v2.12.x antes de v2.12.19 y v2.13.x antes de v2.13.8, como la utilizada en Plone v4.x y otros productos, y (2) PloneHotfix20110720 para Plone v3.x permite a los atacantes obtener privilegios a trav\u00e9s de vectores no especificados, en relaci\u00f3n con una \"vulnerabilidad muy grave\". 
NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incorrecta para CVE-2011-0720." } ], "id": "CVE-2011-2528", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-07-19T20:55:01.197", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone-hotfix/releases/20110622" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20110622" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45056" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45111" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/04/6" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/12/9" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718824" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone-hotfix/releases/20110622" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20110622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/04/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/12/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows unauthenticated remote attackers (CVSS 2 AV:N/AC:L/Au:N) to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL — effectively an access-control bypass on the download view, so private or unpublished files on affected content types should be treated as exposed. Fixed in Plone 4.2.3 and 4.3 beta 1, and by the Plone hotfix 20121106 for earlier releases.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL." }, { "lang": "es", "value": "at_download.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer BLOBs arbitrarios (ficheros y im\u00e1genes) almacenados en tipos de contenidos personalizados a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2012-5501", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.610", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/17" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/17" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en widget_traversal.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-5504", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-09-30T14:55:06.797", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/products/plone/security/advisories/20121106/20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/20" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-02 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 3.3.6 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.9 | |
plone | plone | 4.1 | |
plone | plone | 4.1.1 | |
plone | plone | 4.1.2 | |
plone | plone | 4.1.3 | |
plone | plone | 4.1.4 | |
plone | plone | 4.1.5 | |
plone | plone | 4.1.6 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API." }, { "lang": "es", "value": "Products/CMFPlone/CatalogTool.py en Plone 3.3 hasta 4.3.2 permite a administradores remotos evadir restricciones y obtener informaci\u00f3n sensible a trav\u00e9s de una API de b\u00fasqueda no especificada." 
} ], "id": "CVE-2013-7061", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-02T14:55:05.417", "references": [ { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/20131210/catalogue-exposure" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/12/10/15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/12/12/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/20131210/catalogue-exposure" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-30 19:15
Modified
2024-11-21 05:23
Severity ?
Summary
Plone before 5.2.3 allows server-side request forgery (SSRF) via the tracebacks feature; that feature is only available to the Manager role, so exploitation requires an authenticated account holding Manager privileges (a post-authentication, privileged vector, even though the CVSS 3.1 vector recorded below scores it as PR:L).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/plone/Products.CMFPlone/issues/3209 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.misakikata.com/codes/plone/python-en.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/plone/Products.CMFPlone/issues/3209 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.misakikata.com/codes/plone/python-en.html | Broken Link |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BD82FD3-BE50-4B23-AF04-9FDF79E5B748", "versionEndExcluding": "5.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role)." }, { "lang": "es", "value": "Plone versiones anteriores a 5.2.3, permite ataques de tipo SSRF por medio de la funcionalidad tracebacks (solo disponible para el rol de administrador)." } ], "id": "CVE-2020-28735", "lastModified": "2024-11-21T05:23:10.057", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-30T19:15:13.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", 
"Third Party Advisory" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/plone/Products.CMFPlone/issues/3209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://www.misakikata.com/codes/plone/python-en.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Severity ?
Summary
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to \"retrieving information for certain resources.\"" }, { "lang": "es", "value": "traverser.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 
permite a atacantes remotos con privilegios de administrador causar una denegaci\u00f3n de servicio (bucle infinito y consumo de recursos) a trav\u00e9s de vectores no especificados relacionados con \"la recuperaci\u00f3n de informaci\u00f3n para ciertos recursos.\"" } ], "id": "CVE-2013-4188", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-11T19:37:02.443", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978449" } ], "sourceIdentifier": 
"secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Severity ?
Summary
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality." 
}, { "lang": "es", "value": "mail_password.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permite a usuarios remotos autenticados evadir la prohibici\u00f3n sobre el cambio de contrase\u00f1as a trav\u00e9s de la funcionalidad del email de contrase\u00f1a olvidada." } ], "id": "CVE-2013-4198", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-11T19:37:02.850", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978480" } ], 
"sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing." }, { "lang": "es", "value": "La funci\u00f3n sandbox whitelisting (allowmodule.py) en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados con ciertos privilegios evadir la restricci\u00f3n sandbox de Python y ejecutar c\u00f3digo Python arbitrario a trav\u00e9s de vectores relacionados con la importaci\u00f3n." } ], "id": "CVE-2012-5487", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:05.890", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/03" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-17 18:15
Modified
2025-03-19 15:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1, 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows an attacker to access sensitive information via the RSS feed portlet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 | |
plone | plone | 4.3.3 | |
plone | plone | 4.3.4 | |
plone | plone | 4.3.5 | |
plone | plone | 4.3.6 | |
plone | plone | 4.3.7 | |
plone | plone | 4.3.8 | |
plone | plone | 4.3.9 | |
plone | plone | 4.3.10 | |
plone | plone | 4.3.11 | |
plone | plone | 4.3.12 | |
plone | plone | 4.3.14 | |
plone | plone | 4.3.15 | |
plone | plone | 4.3.17 | |
plone | plone | 4.3.18 | |
plone | plone | 4.3.19 | |
plone | plone | 4.3.20 | |
plone | plone | 5.0 | |
plone | plone | 5.0 | |
plone | plone | 5.0 | |
plone | plone | 5.0 | |
plone | plone | 5.0.1 | |
plone | plone | 5.0.2 | |
plone | plone | 5.0.3 | |
plone | plone | 5.0.4 | |
plone | plone | 5.0.5 | |
plone | plone | 5.0.6 | |
plone | plone | 5.0.7 | |
plone | plone | 5.0.8 | |
plone | plone | 5.0.9 | |
plone | plone | 5.0.10 | |
plone | plone | 5.1 | |
plone | plone | 5.1.1 | |
plone | plone | 5.1.2 | |
plone | plone | 5.1.4 | |
plone | plone | 5.1.5 | |
plone | plone | 5.1.6 | |
plone | plone | 5.1.7 | |
plone | plone | 5.1a1 | |
plone | plone | 5.1a2 | |
plone | plone | 5.1b2 | |
plone | plone | 5.1b3 | |
plone | plone | 5.1b4 | |
plone | plone | 5.1rc1 | |
plone | plone | 5.1rc2 | |
plone | plone | 5.2.0 | |
plone | plone | 5.2.1 | |
plone | plone | 5.2.2 | |
plone | plone | 5.2.3 | |
plone | plone | 5.2.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "6CBF50C9-1710-48F6-ADD7-E23C10385726", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "6D8DAC05-E1F0-4791-9B98-2AC0A370E885", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "191E3004-2D6C-4F15-99C5-6E9B78606712", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "9B214A6F-87C5-4D5B-BA95-941FDD7A241F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "DD8EA1E8-2F96-445E-BBFF-6530F0C53238", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.19:*:*:*:*:*:*:*", "matchCriteriaId": "62A1E157-2964-4432-AD85-47E9F5CAA14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "6EDB28B8-B3B7-48FD-BE0F-89E6B74B8960", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:-:*:*:*:*:*:*", "matchCriteriaId": "42E0FF72-BC1D-4993-9B05-59D4040FF971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "41CCC319-0F03-4DD4-8D99-32402A1E2B98", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B31894A8-1122-4212-8521-2E741321B6A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "862A10FA-5E6F-4AEB-89E9-279DEDE9F596", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "E8F47876-95CF-4943-8C87-0306D946352A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1:alpha2:*:*:*:*:*:*", "matchCriteriaId": "A0B4C85B-3F89-4E80-8DC9-64B225296EF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4117B63-637A-4E3D-991F-7EDEEB341B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BF7A3021-18B9-42EA-B0A3-3B7EB845BD5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "902D2C7A-EEC2-4357-95CE-81E79567DAF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B18C47E6-E20D-4152-B494-DC4E8E9890DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B95AF9C5-5777-4CC9-8FB7-44DB4E664C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4125B5E5-4680-4D7E-8BED-56CF6189CC55", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1a1:alpha1:*:*:*:*:*:*", "matchCriteriaId": "564B7AFA-1049-4E18-BD40-C9C4B9B31C0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1a2:beta4:*:*:*:*:*:*", "matchCriteriaId": "87D8144D-FE7D-4E7E-AEB5-5FF83EC28DE4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.1b2:beta3:*:*:*:*:*:*", "matchCriteriaId": "BB89AC62-8B2E-4B86-85EA-5862E5BA4DEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1b3:beta2:*:*:*:*:*:*", "matchCriteriaId": "28C47CBF-3B29-467F-9BB2-5AA75E342743", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1b4:rc2:*:*:*:*:*:*", "matchCriteriaId": "260165B1-DF60-4066-801D-95092737DAF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1rc1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F0CFFF91-4AC1-4130-9CEC-C1A2E87CA5A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1rc2:-:*:*:*:*:*:*", "matchCriteriaId": "14A00F14-8603-46B7-861C-BFB373152A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "69D95EEE-57FA-402A-A50B-2C6549AF8FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47F1344B-8A3F-41E4-9F78-9739E85BCF60", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC9EEA27-857F-4E61-B1EC-AF910247E021", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C8ECC7FD-E3FF-47F8-8932-55AD502B1B82", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "08F23A62-73E9-401A-9AC1-EDEB10D02842", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet." 
} ], "id": "CVE-2021-33926", "lastModified": "2025-03-19T15:15:36.160", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-02-17T18:15:11.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://plone.org/security/hotfix/20210518" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://plone.org/security/hotfix/20210518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" 
], "url": "https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-21 22:15
Modified
2024-11-21 06:08
Severity ?
Summary
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "153836BA-1944-498A-BF06-D4096478757A", "versionEndIncluding": "5.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item." }, { "lang": "es", "value": "Plone versiones hasta 5.2.4, permite un ataque de tipo XSS por medio de un nombre completo que es manejado inapropiadamente durante el renderizado de la pesta\u00f1a de propiedad de un elemento de contenido" } ], "id": "CVE-2021-33508", "lastModified": "2024-11-21T06:08:58.827", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-21T22:15:08.507", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-21 22:15
Modified
2024-11-21 06:08
Severity ?
Summary
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and model editors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "153836BA-1944-498A-BF06-D4096478757A", "versionEndIncluding": "5.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel." }, { "lang": "es", "value": "Plone versiones hasta 5.2.4, permite un ataque de tipo SSRF por medio del analizador lxml.\u0026#xa0;Esto afecta los temas Diazo, esquemas Dexterity TTW y modeladores en plone.app.theming, plone.app.dexterity y plone.supermodel" } ], "id": "CVE-2021-33511", "lastModified": "2024-11-21T06:08:59.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-21T22:15:08.597", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing 
List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-30 01:55
Modified
2025-04-11 00:51
Severity ?
Summary
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6FC0B70-E0E3-4634-B61D-C6B7F554EE9A", "versionEndIncluding": "4.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters." }, { "lang": "es", "value": "Plone v4.1.3 y anteriores calcula los valores hash de los par\u00e1metros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) mediante el env\u00edo de gran cantidad de par\u00e1metros a mano." 
} ], "id": "CVE-2011-4462", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-30T01:55:01.377", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/47406" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "source": "cve@mitre.org", "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/72018" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Summary
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL." }, { "lang": "es", "value": "membership_tool.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos enumerar los nombres de las cuentas de usuarios a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2012-5497", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.437", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/products/plone/security/advisories/20121106/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/13" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-03 17:00
Modified
2025-04-11 00:51
Summary
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
redhat | conga | * | |
redhat | luci | * | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:conga:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFDB782C-6A31-43A7-9A61-E94020AEE956", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:luci:*:*:*:*:*:*:*:*", "matchCriteriaId": "00AB76EC-83A6-405B-858F-CE4FF59AEAEA", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors." }, { "lang": "es", "value": "Una vulnerabilidad no especificada en Plone versi\u00f3n 2.5 hasta 4.0, como se utiliza en Conga, luci, y posiblemente otros productos, permite a los atacantes remotos obtener acceso administrativo, leer o crear contenido arbitrario, y cambiar el aspecto del sitio por medio de vectores desconocidos." 
} ], "id": "CVE-2011-0720", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-02-03T17:00:03.773", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/70753" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/cve-2011-0720" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43146" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43914" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2011-0393.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2011-0394.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46102" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1025258" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0796" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/70753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/cve-2011-0720" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0393.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0394.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65099" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en safe_html.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-5502", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-09-30T14:55:06.673", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/products/plone/security/advisories/20121106/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/18" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-21 15:15
Modified
2024-11-21 08:20
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:namedfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E9AB900-6A21-4C28-8894-9BAFCB82874F", "versionEndExcluding": "5.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:5.2:-:*:*:*:*:*:*", "matchCriteriaId": "A59FAF1B-D7E6-4E0D-894B-3C0FB72AC709", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:namedfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "95C190CC-16E1-445E-B459-729304DADA6C", "versionEndExcluding": "6.0.3", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "8285C132-76EC-49B2-A91B-6EC5669A6CB5", "versionEndIncluding": "6.0.4", "versionStartIncluding": "6.0.0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:namedfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "44357938-13EE-488F-BEB8-B2E3704E94CF", "versionEndExcluding": "6.1.3", "versionStartIncluding": "6.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8E612230-2BA8-4AC1-8EA2-D33E008F66AC", "vulnerable": false }, { "criteria": "cpe:2.3:a:plone:plone:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BC97446F-B030-47D8-A7B7-C1D38EAB8BAA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:namedfile:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "82190457-CDB2-4347-80CA-6937AA3F42FA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"E7C2BC43-9BFB-4147-BDE8-615D4B6C6F32", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds." }, { "lang": "es", "value": "plone.namedfile permite a los usuarios manejar los campos `File` e `Image` dirigidos, pero no dependiendo del contenido de Plone Dexterity. Antes de las versiones 5.6.1, 6.0.3, 6.1.3 y 6.2.1, existe una vulnerabilidad de Cross-Site Scripting almacenado para im\u00e1genes SVG. Una revisi\u00f3n de seguridad de 2021 ya solucion\u00f3 parcialmente este problema al garantizar que las im\u00e1genes SVG siempre se descarguen en lugar de mostrarse en l\u00ednea. Pero el mismo problema todav\u00eda existe para las escalas de im\u00e1genes SVG. Tenga en cuenta que una etiqueta de imagen con una imagen SVG como fuente no es vulnerable, incluso cuando la imagen SVG contiene c\u00f3digo malicioso. Para explotar la vulnerabilidad, un atacante primero tendr\u00eda que cargar una imagen y luego enga\u00f1ar al usuario para que siga un enlace especialmente manipulado. 
Los parches est\u00e1n disponibles en las versiones 5.6.1 (para Plone 5.2), 6.0.3 (para Plone 6.0.0-6.0.4), 6.1.3 (para Plone 6.0.5-6.0.6) y 6.2.1 (para Plone 6.0.7). No se conocen workarounds." } ], "id": "CVE-2023-41048", "lastModified": "2024-11-21T08:20:27.320", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-21T15:15:10.667", "references": [ { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/2" }, { "source": "security-advisories@github.com", "tags": [ "Product" ], "url": "https://github.com/plone/Products.PloneHotfix20210518" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a" }, { "source": "security-advisories@github.com", "tags": [ 
"Patch" ], "url": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://github.com/plone/Products.PloneHotfix20210518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" }, { "lang": "en", "value": "CWE-80" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } 
] }
Vulnerability from fkie_nvd
Published
2020-01-23 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory |
cve@mitre.org | https://plone.org/security/hotfix/20200121 | Vendor Advisory |
cve@mitre.org | https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places | Vendor Advisory |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121 | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEEB200F-344C-44D0-9CFB-44C8F0158294", "versionEndIncluding": "5.2.1", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker\u0027s site." }, { "lang": "es", "value": "Un redireccionamiento abierto en el formulario de inicio de sesi\u00f3n (y posiblemente en otros lugares) en Plone versiones 4.0 hasta 5.2.1, permite a un atacante dise\u00f1ar un enlace hacia un Sitio de Plone que, cuando es seguido, y posiblemente despu\u00e9s del inicio de sesi\u00f3n, redireccionar\u00e1 hacia el sitio de un atacante." } ], "id": "CVE-2020-7936", "lastModified": "2024-11-21T05:38:02.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, 
"exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-23T21:15:13.210", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "484BD5DA-B3D7-41C4-8E02-AE8C4EBEC5A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "60254EFC-026C-41A9-8587-ED22B2570CCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "98388A7B-2DE4-4C40-9135-EB4BAD6BC69E", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E296CD1C-2601-4A63-9E9D-38A39C84BF5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "EAA38381-4C32-4C55-8116-341028D1888A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1B294E38-65FD-474D-BABC-9447EF33202A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "685805FD-1A33-480E-A313-255EDF0B5266", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "D827148D-4A8A-41DB-91B6-0049706D53D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "0273EF1B-BC64-432F-8966-68547DFAD6BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "244107E5-42B0-4695-BBC9-5B90AD0A1336", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2759CCE-3A1F-4E3F-9832-8BF3AA4F20F9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "C0279FD6-9E30-429A-BB70-9B7AF7055160", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "6561FF26-91C5-40AF-8AA6-E98D295AC33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF323F8-6F93-46CB-A94C-B0774C54188F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "0EF07C5D-DE44-409F-87B6-FB713BAF2547", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "AACD00C8-F451-4B27-855F-57B6F38A28E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "0A85B5F4-C731-45F7-801F-8399B06EE135", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "52629E94-50DC-4F00-8F96-217F4F2B82B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "92CC66BD-4B63-4CA5-9F4E-A5F1FC6A86DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "68155E38-F337-42CE-AE30-9482EBED8EA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7994032-FEBB-4FD3-9808-A7B277CAD8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "C675DA8E-D981-4CFE-8EF7-04FD187DC5CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.18:*:*:*:*:*:*:*", "matchCriteriaId": "DFE141CF-0196-4DCA-B328-84F8EA3D6804", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": 
"4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation." }, { "lang": "es", "value": "AccessControl/AuthEncoding.py en Zope anterior a 2.13.19, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, permite a atacantes remotos obtener contrase\u00f1as a trav\u00e9s de vectores que involucran discrepancias de tiempos en la validaci\u00f3n de contrase\u00f1as." } ], "id": "CVE-2012-5507", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.953", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/23" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/zope2/+bug/1071067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/23" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-06 19:55
Modified
2025-04-11 00:51
Summary
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011." }, { "lang": "es", "value": "plone.app.users en Plone v4.0 y v4.1 permite a usuarios remotos autenticados para modificar las propiedades de las cuentas de su elecci\u00f3n a trav\u00e9s de vectores no especificados, como se exploto en junio 2011." } ], "id": "CVE-2011-1950", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-06T19:55:02.190", "references": [ { "source": "secalert@redhat.com", "url": "http://osvdb.org/72729" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44775" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8269" }, { 
"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48005" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/72729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67695" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Summary
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name." }, { "lang": "es", "value": "atat.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer estructuras de datos privados a trav\u00e9s de una solicitud para una visualizaci\u00f3n sin nombre." } ], "id": "CVE-2012-5505", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.843", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/21" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-25 21:29
Modified
2025-04-20 01:37
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
cret@cert.org | https://plone.org/security/hotfix/20151006 | Vendor Advisory | |
cret@cert.org | https://pypi.python.org/pypi/plone4.csrffixes | Third Party Advisory | |
cret@cert.org | https://www.exploit-db.com/exploits/38411/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20151006 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://pypi.python.org/pypi/plone4.csrffixes | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/38411/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 3.3.6 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.8 | |
plone | plone | 4.0.9 | |
plone | plone | 4.0.10 | |
plone | plone | 4.1 | |
plone | plone | 4.1.1 | |
plone | plone | 4.1.2 | |
plone | plone | 4.1.3 | |
plone | plone | 4.1.4 | |
plone | plone | 4.1.5 | |
plone | plone | 4.1.6 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 | |
plone | plone | 4.3.3 | |
plone | plone | 4.3.4 | |
plone | plone | 4.3.5 | |
plone | plone | 4.3.6 | |
plone | plone | 4.3.7 | |
plone | plone | 4.3.8 | |
plone | plone | 4.3.9 | |
plone | plone | 4.3.10 | |
plone | plone | 4.3.11 | |
plone | plone | 4.3.12 | |
plone | plone | 4.3.14 | |
zope | zope_management_interface | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "6CBF50C9-1710-48F6-ADD7-E23C10385726", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "6D8DAC05-E1F0-4791-9B98-2AC0A370E885", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zope:zope_management_interface:*:*:*:*:*:*:*:*", "matchCriteriaId": "8514FC59-D8D5-4645-AC5A-EDAD6BFF4B87", "versionEndIncluding": "4.3.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x." }, { "lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de Cross-Site Request Forgery (CSRF) en Zope Management Interface 4.3.7 y anteriores, as\u00ed como en Plone en versiones anteriores a la 5.x." 
} ], "id": "CVE-2015-7293", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-25T21:29:00.680", "references": [ { "source": "cret@cert.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20151006" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://pypi.python.org/pypi/plone4.csrffixes" }, { "source": "cret@cert.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/38411/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20151006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://pypi.python.org/pypi/plone4.csrffixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/38411/" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-24 20:59
Modified
2025-04-20 01:37
Summary
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/20/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/20/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.8 | |
plone | plone | 4.0.9 | |
plone | plone | 4.0.10 | |
plone | plone | 4.1 | |
plone | plone | 4.1.1 | |
plone | plone | 4.1.2 | |
plone | plone | 4.1.3 | |
plone | plone | 4.1.4 | |
plone | plone | 4.1.5 | |
plone | plone | 4.1.6 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 4.3.2 | |
plone | plone | 4.3.3 | |
plone | plone | 4.3.4 | |
plone | plone | 4.3.5 | |
plone | plone | 4.3.6 | |
plone | plone | 4.3.7 | |
plone | plone | 4.3.8 | |
plone | plone | 4.3.9 | |
plone | plone | 5.0 | |
plone | plone | 5.0 a1 | |
plone | plone | 5.0 rc1 | |
plone | plone | 5.0 rc2 | |
plone | plone | 5.0 rc3 | |
plone | plone | 5.0.1 | |
plone | plone | 5.0.2 | |
plone | plone | 5.0.3 | |
plone | plone | 5.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*", "matchCriteriaId": "E3642637-8B6D-40A0-9A60-EACE70BB0490", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors." }, { "lang": "es", "value": "Plone 4.0 hasta la versi\u00f3n 5.1a1 no tiene declaraciones de seguridad para solicitudes de WebDAV relacionadas con contenido de Dexterity, lo que permite a atacantes remotos obtener acceso webdav a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2016-4041", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-24T20:59:00.283", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-21 22:15
Modified
2024-11-21 06:08
Summary
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory |
| cve@mitre.org | https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "153836BA-1944-498A-BF06-D4096478757A", "versionEndIncluding": "5.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script." }, { "lang": "es", "value": "Plone versiones hasta 5.2.4, permite a administradores autenticados remotos dise\u00f1ar E/S de discos por medio de argumentos de palabras clave dise\u00f1ados a la transformaci\u00f3n ReStructuredText en un script de Python" } ], "id": "CVE-2021-33509", "lastModified": "2024-11-21T06:08:58.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-21T22:15:08.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third 
Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Summary
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| plone | plone | 4.3 |
| plone | plone | 4.3.1 |
| plone | plone | 2.1 |
| plone | plone | 2.1.1 |
| plone | plone | 2.1.2 |
| plone | plone | 2.1.3 |
| plone | plone | 2.1.4 |
| plone | plone | 2.5 |
| plone | plone | 2.5.1 |
| plone | plone | 2.5.2 |
| plone | plone | 2.5.3 |
| plone | plone | 2.5.4 |
| plone | plone | 2.5.5 |
| plone | plone | 3.0 |
| plone | plone | 3.0.1 |
| plone | plone | 3.0.2 |
| plone | plone | 3.0.3 |
| plone | plone | 3.0.4 |
| plone | plone | 3.0.5 |
| plone | plone | 3.0.6 |
| plone | plone | 3.1 |
| plone | plone | 3.1.1 |
| plone | plone | 3.1.2 |
| plone | plone | 3.1.3 |
| plone | plone | 3.1.4 |
| plone | plone | 3.1.5.1 |
| plone | plone | 3.1.6 |
| plone | plone | 3.1.7 |
| plone | plone | 3.2 |
| plone | plone | 3.2.1 |
| plone | plone | 3.2.2 |
| plone | plone | 3.2.3 |
| plone | plone | 3.3 |
| plone | plone | 3.3.1 |
| plone | plone | 3.3.2 |
| plone | plone | 3.3.3 |
| plone | plone | 3.3.4 |
| plone | plone | 3.3.5 |
| plone | plone | 4.0 |
| plone | plone | 4.0.1 |
| plone | plone | 4.0.2 |
| plone | plone | 4.0.3 |
| plone | plone | 4.0.4 |
| plone | plone | 4.0.5 |
| plone | plone | 4.0.6.1 |
| plone | plone | 4.1 |
| plone | plone | 4.2 |
| plone | plone | 4.2.1 |
| plone | plone | 4.2.2 |
| plone | plone | 4.2.3 |
| plone | plone | 4.2.4 |
| plone | plone | 4.2.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request." 
}, { "lang": "es", "value": "La implementaci\u00f3n object manager (objectmanager.py) en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 no restringe debidamente acceso a los m\u00e9todos internos, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud manipulada." } ], "id": "CVE-2013-4196", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-11T19:37:02.817", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=978475" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Summary
kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| plone | plone | * |
| plone | plone | 1.0 |
| plone | plone | 1.0.1 |
| plone | plone | 1.0.2 |
| plone | plone | 1.0.3 |
| plone | plone | 1.0.4 |
| plone | plone | 1.0.5 |
| plone | plone | 1.0.6 |
| plone | plone | 2.0 |
| plone | plone | 2.0.1 |
| plone | plone | 2.0.2 |
| plone | plone | 2.0.3 |
| plone | plone | 2.0.4 |
| plone | plone | 2.0.5 |
| plone | plone | 2.1 |
| plone | plone | 2.1.1 |
| plone | plone | 2.1.2 |
| plone | plone | 2.1.3 |
| plone | plone | 2.1.4 |
| plone | plone | 2.5 |
| plone | plone | 2.5.1 |
| plone | plone | 2.5.2 |
| plone | plone | 2.5.3 |
| plone | plone | 2.5.4 |
| plone | plone | 2.5.5 |
| plone | plone | 3.0 |
| plone | plone | 3.0.1 |
| plone | plone | 3.0.2 |
| plone | plone | 3.0.3 |
| plone | plone | 3.0.4 |
| plone | plone | 3.0.5 |
| plone | plone | 3.0.6 |
| plone | plone | 3.1 |
| plone | plone | 3.1.1 |
| plone | plone | 3.1.2 |
| plone | plone | 3.1.3 |
| plone | plone | 3.1.4 |
| plone | plone | 3.1.5.1 |
| plone | plone | 3.1.6 |
| plone | plone | 3.1.7 |
| plone | plone | 3.2 |
| plone | plone | 3.2.1 |
| plone | plone | 3.2.2 |
| plone | plone | 3.2.3 |
| plone | plone | 3.3 |
| plone | plone | 3.3.1 |
| plone | plone | 3.3.2 |
| plone | plone | 3.3.3 |
| plone | plone | 3.3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A42F6F8-87FC-4F7D-B843-064573F7B5C5", "versionEndIncluding": "3.3.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL." }, { "lang": "es", "value": "kupu_spellcheck.py en Kupu en Plone anterior a 4.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del hilo ZServer) a trav\u00e9s de una URL manipulada." 
} ], "id": "CVE-2012-5496", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.390", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/12" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Severity ?
Summary
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL." 
}, { "lang": "es", "value": "typeswidget.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 no fuerza debidamente la configuraci\u00f3n inmutable en formularios de editar contenido no especificados, lo que permite a atacantes remotos esconder campos en los formularios a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2013-4193", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-11T19:37:02.803", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=978469" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-06 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Filtro safe_html en Products.PortalTransforms de Plone v2.1 hasta v4.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, vulnerabilidad diferente de CVE-2010-2422.\r\n" } ], "id": "CVE-2011-1949", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-06-06T19:55:02.160", "references": [ { "source": "secalert@redhat.com", "url": "http://osvdb.org/72728" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/44775" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44776" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8269" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48005" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/72728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-02 19:15
Modified
2024-11-21 02:00
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "837BA92A-14B9-4506-BD37-2135807EEF6A", "versionEndIncluding": "3.3.6", "versionStartIncluding": "3.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "911091B6-4A99-436F-A621-EC157CC83DB9", "versionEndIncluding": "4.0.9", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "534D6FEA-FDB9-49D7-881B-1BC3D6EC531E", "versionEndIncluding": "4.1.6", "versionStartIncluding": "4.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "3225F460-1390-482D-8FB0-0291F270E58E", "versionEndIncluding": "4.2.7", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "C920765F-25D5-42BD-804A-DCA32F3FBD47", "versionEndIncluding": "4.3.2", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en Zope, como es usado en Plone versiones 3.3.x hasta la versi\u00f3n 3.3.6, versiones 4.0.x hasta 4.0.9, versiones 4.1.x hasta la versi\u00f3n 4.1.6, versiones 4.2.x hasta 4.2.7 y versiones 4.3 hasta 4.3.2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una entrada no especificada en el m\u00e9todo (1) browser_id_manager o (2) OFS.Image." 
} ], "id": "CVE-2013-7062", "lastModified": "2024-11-21T02:00:15.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-02T19:15:12.370", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2013/q4/467" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2013/q4/485" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/20131210/zope-xss-in-OFS" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/security/20131210/zope-xss-in-browseridmanager" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2013/q4/467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2013/q4/485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/20131210/zope-xss-in-OFS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-06 00:15
Modified
2025-01-21 16:53
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website by sending a crafted request.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:6.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "DE0E44CB-496D-4CCF-AEE3-A8013D0092B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request." }, { "lang": "es", "value": "Debido al control de acceso incorrecto en la versi\u00f3n v6.0.9 de Plone, los atacantes remotos pueden ver y enumerar todos los archivos alojados en el sitio web mediante el env\u00edo de una solicitud manipulada." } ], "id": "CVE-2024-22889", "lastModified": "2025-01-21T16:53:16.990", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-03-06T00:15:52.633", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Third Party Advisory" ], "url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-25 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/09/22/15 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1264799 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20150910 | Vendor Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/09/22/15 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1264799 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20150910 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kupu_project | kupu | * | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 3.3.6 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.0.7 | |
plone | plone | 4.0.8 | |
plone | plone | 4.0.9 | |
plone | plone | 4.0.10 | |
plone | plone | 4.1 | |
plone | plone | 4.1.1 | |
plone | plone | 4.1.2 | |
plone | plone | 4.1.3 | |
plone | plone | 4.1.4 | |
plone | plone | 4.1.5 | |
plone | plone | 4.1.6 | |
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.2.6 | |
plone | plone | 4.2.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kupu_project:kupu:*:*:*:*:*:*:*:*", "matchCriteriaId": "05664B32-3887-4FD8-A5CA-2CFEBA022AE3", "versionEndIncluding": "1.4.16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings." }, { "lang": "es", "value": "Kupu desde la versi\u00f3n 3.3.0 hasta la versi\u00f3n 3.3.6, desde la 4.0.0 hasta la 4.0.10, desde la 4.1.0 hasta la versi\u00f3n 4.1.6 y desde la 4.2.0 hasta la versi\u00f3n 4.2.7 permite que los usuarios autenticados remotos editen la configuraci\u00f3n de Kupu." 
} ], "id": "CVE-2015-7317", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-25T17:29:00.633", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/15" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264799" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue 
Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264799" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20150910/privilege-escalation-in-kupu" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to \"go_back.\"" }, { "lang": "es", "value": "python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos ejecutar c\u00f3digo Python a trav\u00e9s de una URL manipulada, relacionado con \u0027go_back.\u0027" } ], "id": "CVE-2012-5495", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:06.327", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/11" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-23 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20200121 | Vendor Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked | Vendor Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E1C3F58-5338-4BB2-9907-66BC306BEB1A", "versionEndIncluding": "5.2.0", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking." }, { "lang": "es", "value": "Una falta de comprobaciones de la fortaleza de la contrase\u00f1a en algunos formularios en Plone versiones 4.3 hasta 5.2.0, permite a usuarios establecer contrase\u00f1as d\u00e9biles, conllevando a facilitar el descifrado." } ], "id": "CVE-2020-7940", "lastModified": "2024-11-21T05:38:03.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-23T21:15:13.507", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], 
"url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-17 02:15
Modified
2024-11-21 05:26
Severity ?
Summary
The official plone Docker images before version 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Systems using the plone docker container deployed from affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/koharin/koharin2/blob/main/CVE-2020-35190 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/koharin/koharin2/blob/main/CVE-2020-35190 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "E15192B7-5B9E-4454-A7D1-317110AFF334", "versionEndExcluding": "4.3.18-alpine", "versionStartIncluding": "4.0.0-alpine", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password." }, { "lang": "es", "value": "Las im\u00e1genes de Docker de official plone versiones anteriores a la versi\u00f3n 4.3.18-alpine (espec\u00edfica de Alpine) contienen una contrase\u00f1a en blanco para un usuario root.\u0026#xa0;El sistema que usa el contenedor de docker plone implementado por unas versiones afectadas de la imagen de docker puede permitir a un atacante remoto conseguir acceso root con una contrase\u00f1a en blanco" } ], "id": "CVE-2020-35190", "lastModified": "2024-11-21T05:26:55.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": 
"NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-17T02:15:13.067", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35190" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-08 21:15
Modified
2024-11-21 05:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install "Products.PluggableAuthService>=2.6.0"`.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zope:products.pluggableauthservice:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B3C2A43-06D9-4E9B-AE27-04DA56FFF848", "versionEndExcluding": "2.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "821A3793-1D04-4480-823E-6B92391AB000", "versionEndIncluding": "4.3.20", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "49BC6F68-1C5B-4EE6-AF9C-5C28E86CC669", "versionEndIncluding": "5.2.4", "versionStartIncluding": "5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install \"Products.PluggableAuthService\u003e=2.6.0\"`." 
}, { "lang": "es", "value": "Products.PluggableAuthService es un framework de autenticaci\u00f3n y autorizaci\u00f3n de Zope conectable. En Products.PluggableAuthService versiones anteriores a 2.6.0, se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n: todos pueden enumerar los nombres de los roles definidos en el plugin ZODB Role Manager si el sitio usa este plugin. El problema ha sido corregido en la versi\u00f3n 2.6.0. Dependiendo de c\u00f3mo haya instalado Products.PluggableAuthService, debe cambiar el pin de la versi\u00f3n de compilaci\u00f3n a 2.6.0 y volver a ejecutar la compilaci\u00f3n, o si us\u00f3 pip simplemente ejecute `pip install \"Products.PluggableAuthService\u003e=2.6.0\"`" } ], "id": "CVE-2021-21336", "lastModified": "2024-11-21T05:48:03.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": 
"NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-08T21:15:16.683", "references": [ { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/zopefoundation/Products.PluggableAuthService/commit/2dad81128250cb2e5d950cddc9d3c0314a80b4bb" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p75f-g7gx-2r7p" }, { "source": "security-advisories@github.com", "tags": [ "Product", "Third Party Advisory" ], "url": "https://pypi.org/project/Products.PluggableAuthService/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/zopefoundation/Products.PluggableAuthService/commit/2dad81128250cb2e5d950cddc9d3c0314a80b4bb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory" ], "url": "https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p75f-g7gx-2r7p" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Third Party Advisory" ], "url": "https://pypi.org/project/Products.PluggableAuthService/" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-21 22:15
Modified
2024-11-21 06:08
Severity ?
Summary
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "153836BA-1944-498A-BF06-D4096478757A", "versionEndIncluding": "5.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool." }, { "lang": "es", "value": "Plone versiones hasta 5.2.4, permite un ataque de tipo XSS por medio de los m\u00e9todos inline_diff en Products.CMFDiffTool" } ], "id": "CVE-2021-33513", "lastModified": "2024-11-21T06:08:59.603", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-21T22:15:08.663", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface." }, { "lang": "es", "value": "registerConfiglet.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos ejecutar c\u00f3digo Python a trav\u00e9s de vectores no especificados, relacionado con la interfaz de administraci\u00f3n." } ], "id": "CVE-2012-5485", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:05.733", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor 
Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/01" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-29 19:07
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*", "matchCriteriaId": "C01E0884-D0A4-4511-AD4B-DBB09CB8080E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to \"an erroneous security declaration.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en el Password Reset Tool anterior a 0.4.1 sobre Plone 2.5 y 2.5.1 Release Candidate, permite a un atacante remoto reiniciar las contrase\u00f1as de otros usuarios, relacionado con \"una declaraci\u00f3n erronea de seguridad\"." } ], "id": "CVE-2006-4247", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-29T19:07:00.000", "references": [ { "source": "security@debian.org", "tags": [ "Patch" ], "url": "http://plone.org/about/security/advisories/cve-2006-4247" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/about/security/advisories/cve-2006-4247" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ 
{ "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-06 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "45DC5AE4-D297-4345-94F1-63E933E94288", "versionEndIncluding": "4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Plone v4.1 y anteriores , permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s una URL manipulada." } ], "id": "CVE-2011-1948", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-06T19:55:02.113", "references": [ { "source": "secalert@redhat.com", "url": "http://osvdb.org/72727" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44775" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44776" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8269" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" }, { "source": 
"secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48005" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/72727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67693" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-07 16:59
Modified
2025-04-20 01:37
Summary
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D913FCA7-4DAE-4E9A-9146-9AFA8472B04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8883023-113A-420A-97B6-A4A9B29CF7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DF4D113-8D9D-4DA3-A177-64783352F608", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28F9B699-D1A4-425C-84ED-6A8FD29BE7F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCC8B987-5173-4C61-8DE6-B70C18EE6FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "38BA31E8-77EC-478B-BC6E-E2F145A8B9BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "56571585-E9A2-4B78-B2B1-5D8EADED522A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF8A15-401C-453E-8D09-8D4CDD4766DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "043B3CBE-DEA2-474D-AA57-1830A470B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "08A6842B-B479-4D91-928A-1CCE1DCB936E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "875A368A-F1D6-4795-99CF-A96DBCD1D407", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5962C24-BC35-4E27-B81B-E2D21F83FB13", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "55BCE259-700F-4E39-8565-99E4DFDA6F9E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CD0755E5-2001-499F-90EA-6C2133D116D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5893527F-D365-4A39-9104-1B478804F0BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*", "matchCriteriaId": "E3642637-8B6D-40A0-9A60-EACE70BB0490", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "58165598-70DB-48AD-BD6E-793B103DC15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "A98F25E9-C852-458A-B6B9-656B81CC0D33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], 
"cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en una plantilla de p\u00e1gina no especificada en Plone CMS 5.x hasta la versi\u00f3n 5.0.6, 4.x hasta la versi\u00f3n 4.3.11 y 3.3.x hasta la versi\u00f3n 3.3.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2016-7139", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-07T16:59:01.103", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92752" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Oct/80" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Summary
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
plone | plone | 4.2 | |
plone | plone | 4.2.1 | |
plone | plone | 4.2.2 | |
plone | plone | 4.2.3 | |
plone | plone | 4.2.4 | |
plone | plone | 4.2.5 | |
plone | plone | 4.3 | |
plone | plone | 4.3.1 | |
plone | plone | 2.1 | |
plone | plone | 2.1.1 | |
plone | plone | 2.1.2 | |
plone | plone | 2.1.3 | |
plone | plone | 2.1.4 | |
plone | plone | 2.5 | |
plone | plone | 2.5.1 | |
plone | plone | 2.5.2 | |
plone | plone | 2.5.3 | |
plone | plone | 2.5.4 | |
plone | plone | 2.5.5 | |
plone | plone | 3.0 | |
plone | plone | 3.0.1 | |
plone | plone | 3.0.2 | |
plone | plone | 3.0.3 | |
plone | plone | 3.0.4 | |
plone | plone | 3.0.5 | |
plone | plone | 3.0.6 | |
plone | plone | 3.1 | |
plone | plone | 3.1.1 | |
plone | plone | 3.1.2 | |
plone | plone | 3.1.3 | |
plone | plone | 3.1.4 | |
plone | plone | 3.1.5.1 | |
plone | plone | 3.1.6 | |
plone | plone | 3.1.7 | |
plone | plone | 3.2 | |
plone | plone | 3.2.1 | |
plone | plone | 3.2.2 | |
plone | plone | 3.2.3 | |
plone | plone | 3.3 | |
plone | plone | 3.3.1 | |
plone | plone | 3.3.2 | |
plone | plone | 3.3.3 | |
plone | plone | 3.3.4 | |
plone | plone | 3.3.5 | |
plone | plone | 4.0 | |
plone | plone | 4.0.1 | |
plone | plone | 4.0.2 | |
plone | plone | 4.0.3 | |
plone | plone | 4.0.4 | |
plone | plone | 4.0.5 | |
plone | plone | 4.0.6.1 | |
plone | plone | 4.1 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE7E448A-2C0C-4DE0-89EA-904718CB6C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E727C5C-9E54-49F7-B92C-2492069AAE08", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFD68465-4CDC-4788-8932-41335B5C4AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B739E0-FB73-401C-AB1A-E3C1434AA2A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFE0FC06-369B-46CF-9B1E-BAF7AF87E950", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors." 
}, { "lang": "es", "value": "member_portrait.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permite a usuarios remotos autenticados modificar o eliminar retratos de otros usuarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-4197", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-11T19:37:02.833", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978478" } ], "sourceIdentifier": "secalert@redhat.com", 
"vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to \"{u,}translate.\"" }, { "lang": "es", "value": "Vulnerabilidad de XSS en python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, relacionado con \u0027{u,}translate.\u0027" } ], "id": "CVE-2012-5494", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-09-30T14:55:06.280", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor 
Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/10" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en kssdevel.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-5490", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-09-30T14:55:06.063", "references": [ { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/06" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/06" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"67D4EB7F-BC46-4F2E-B065-303961C47B1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*", "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*", "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*", "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "484BD5DA-B3D7-41C4-8E02-AE8C4EBEC5A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "60254EFC-026C-41A9-8587-ED22B2570CCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "98388A7B-2DE4-4C40-9135-EB4BAD6BC69E", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E296CD1C-2601-4A63-9E9D-38A39C84BF5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "EAA38381-4C32-4C55-8116-341028D1888A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1B294E38-65FD-474D-BABC-9447EF33202A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "685805FD-1A33-480E-A313-255EDF0B5266", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "D827148D-4A8A-41DB-91B6-0049706D53D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "0273EF1B-BC64-432F-8966-68547DFAD6BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "244107E5-42B0-4695-BBC9-5B90AD0A1336", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2759CCE-3A1F-4E3F-9832-8BF3AA4F20F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "C0279FD6-9E30-429A-BB70-9B7AF7055160", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "6561FF26-91C5-40AF-8AA6-E98D295AC33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAF323F8-6F93-46CB-A94C-B0774C54188F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "0EF07C5D-DE44-409F-87B6-FB713BAF2547", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "AACD00C8-F451-4B27-855F-57B6F38A28E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "0A85B5F4-C731-45F7-801F-8399B06EE135", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "52629E94-50DC-4F00-8F96-217F4F2B82B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "92CC66BD-4B63-4CA5-9F4E-A5F1FC6A86DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "68155E38-F337-42CE-AE30-9482EBED8EA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7994032-FEBB-4FD3-9808-A7B277CAD8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "C675DA8E-D981-4CFE-8EF7-04FD187DC5CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zope:zope:2.13.18:*:*:*:*:*:*:*", 
"matchCriteriaId": "DFE141CF-0196-4DCA-B328-84F8EA3D6804", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character." }, { "lang": "es", "value": "ZPublisher.HTTPRequest._scrubHeader en Zope 2 anterior a 2.13.19, utilizado en Plone anterior a 4.3 beta 1, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a trav\u00e9s de un caracter \u0027linefeed\u0027 (LF)." } ], "evaluatorComment": "\u003ca href = \"http://cwe.mitre.org/data/definitions/113.html\"\u003e CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) \u003c/a\u003e", "id": "CVE-2012-5486", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T14:55:05.843", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/zope2/+bug/930812" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": 
"secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/zope2/+bug/930812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://plone.org/products/plone-hotfix/releases/20121106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/products/plone/security/advisories/20121106/02" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-23 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. Per the vendor advisory linked below, this affects sites where the plone.restapi add-on is installed, and NVD rates it as exploitable by an authenticated low-privilege user over the network (CVSS 3.1 8.8, AV:N/AC:L/PR:L/UI:N); the Plone hotfix 20200121 is the vendor-published remediation.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20200121 | Vendor Advisory | |
cve@mitre.org | https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed | Vendor Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/01/24/1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/01/22/1 | Mailing List, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D764EF4-D80D-45E1-A654-55802EFB73E7", "versionEndIncluding": "5.2.1", "versionStartIncluding": "5.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level." }, { "lang": "es", "value": "plone.restapi en Plone versiones 5.2.0 hasta 5.2.1, permite a usuarios con un determinado nivel de privilegio escalar sus privilegios hasta el nivel m\u00e1s alto." } ], "id": "CVE-2020-7938", "lastModified": "2024-11-21T05:38:02.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-23T21:15:13.333", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }