from 0, < 4.2.3
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
from 0, < 4.2.3
CRITICAL 9.9 Plone Sandbox Bypass
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
CRITICAL 9.9 Incorrect Permission Assignment for Critical Resource in Plone
from 0, < 5.2.5
CRITICAL 9.9 Incorrect Permission Assignment for Critical Resource in Plone
from 0, < 5.2.5
CRITICAL 9.8 Plone Unauthenticated Write Vulnerability
>= 4.3, < 5.2.2
CRITICAL 9.8 Plone Unauthenticated Write Vulnerability
>= 4.3, <= 5.2.1
CRITICAL 9.8 Plone python code injection
from 0, < 4.2.3
CRITICAL 9.8 Plone python code injection
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
CRITICAL 9.8 Plone Code Injection vulnerability
from 0, < 4.2.3
CRITICAL 9.8 Plone Code Injection vulnerability
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
CRITICAL 9.8 zope-cmfplone - arbitrary code
>= 2.5, < 2.5.5
CRITICAL 9.8 zope-cmfplone - arbitrary code
>= 2.5, < 2.5.5
CRITICAL 9.1 Plone Privilege Escalation Vulnerability
>= 2.5, < 4.0.4
CRITICAL 9.1 Plone Privilege Escalation Vulnerability
from 0, < 4.0.1
CRITICAL 9.1 Plone allows anonymous users to reset any user's password through the web via Password Reset Tool
>= 2.5, < 2.5.1
CRITICAL 9.1 Plone allows anonymous users to reset any user's password through the web via Password Reset Tool
>= 2.5, < 2.5.1
CRITICAL 9.1 Plone allows anonymous users to reset any user's password through the web via Password Reset Tool
from 0, <= 2.5, <= 2.5.1_rc
HIGH 8.8 Server-Side Request Forgery in Plone CMS
>= 4.3, < 5.2.5
HIGH 8.8 Server-Side Request Forgery in Plone CMS
>= 4.3, < 5.2.5
HIGH 8.8 Plone SQL Injection Vulnerability
>= 4.0, <= 5.2.1
HIGH 8.8 Plone SQL Injection Vulnerability
>= 4.0, < 5.2.2
HIGH 8.8 Plone Privilege Escalation
>= 5.2.0, < 5.2.2
HIGH 8.8 Plone Privilege Escalation
>= 5.2.0, < 5.2.2
HIGH 8.8 Plone vulnerable to cross-site request forgery
from 0, < 5.0a1
HIGH 8.8 Plone vulnerable to cross-site request forgery
from 0, < 5.0a1
HIGH 8.8 Improper Restriction of XML External Entity Reference in Plone
from 0, < 5.2.3
HIGH 8.8 Improper Restriction of XML External Entity Reference in Plone
from 0, < 5.2.3
HIGH 8.8 SSRF attacks via tracebacks in Plone
from 0, < 5.2.3
HIGH 8.8 SSRF attacks via tracebacks in Plone
from 0, < 5.2.3
HIGH 8.8 Improper Restriction of XML External Entity Reference in Plone
from 0, < 5.2.3
HIGH 8.8 Improper Restriction of XML External Entity Reference in Plone
from 0, < 5.2.3
HIGH 8.1 Plone Improper Access Control Vulnerability
>= 2.1, < 4.1.1
HIGH 8.1 Plone Improper Access Control Vulnerability
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
HIGH 7.5 Plone allows weak passwords
>= 4.3, < 5.2.1
HIGH 7.5 Plone allows weak passwords
>= 4.3, < 4.3.20
HIGH 7.5 Plone Arbitrary File Read
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
HIGH 7.5 Plone Arbitrary File Read
from 0, < 4.2.3
HIGH 7.5 Plone DoS via Crafted URL
from 0, < 4.0
HIGH 7.5 Plone DoS via Crafted URL
from 0, < 3.3.6
HIGH 7.5 Plone Information Disclosure
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
HIGH 7.5 Plone Information Disclosure
from 0, < 4.2.3
HIGH 7.5 Plone denial of service via RSS Feed Request
from 0, < 4.2.3
HIGH 7.5 Plone denial of service via RSS Feed Request
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
HIGH 7.5 Plone is vulnerable to denial of service
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
HIGH 7.5 Plone is vulnerable to denial of service
>= 4.0, < 4.2.3
HIGH 7.5 Plone denial of service via Caching Bypass
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
HIGH 7.5 Plone denial of service via Caching Bypass
from 0, < 4.2.3
HIGH 7.5 Plone Header Injection
>= 3.3, < 4.0a1
HIGH 7.5 Plone Header Injection
>= 3.3, < 4.0a1
HIGH 7.5 Plone Open Redirection vulnerability via next parameter
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
HIGH 7.5 Plone Open Redirection vulnerability via next parameter
>= 2.1, < 4.1.1
HIGH 7.5 Plone Cross-site request forgery (CSRF)
>= 3.0.5, <= 3.0.6
HIGH 7.5 Plone Cross-site request forgery (CSRF)
from 0, < 3.1
HIGH 7.5 Plone Cross-site request forgery (CSRF)
from 0, < 3.1
HIGH 7.5 Server-Side Request Forgery in Plone
from 0, <= 5.2.4
HIGH 7.5 Server-Side Request Forgery in Plone
from 0, < 5.2.5
HIGH 7.5 Plone allows remote attackers to read hidden folder contents
from 0, < 4.2.3
HIGH 7.5 Plone allows remote attackers to read hidden folder contents
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
HIGH 7.5 HTTP header injection in Plone and Zope2
>= 3.3.2, < 4.2.3
HIGH 7.5 HTTP header injection in Plone and Zope2
from 0, < 4.2.3
HIGH 7.5 Plone and Zope2 do not reseed pseudo-random number generator
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
HIGH 7.5 Plone and Zope2 do not reseed pseudo-random number generator
>= 3.2.2, < 4.2.3
HIGH 7.5 Plone and Zope2 affected by Race Condition
>= 3.2.2, < 4.2.3
HIGH 7.5 Plone and Zope2 affected by Race Condition
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
HIGH 7.5 Plone Denial of Service vulnerability
from 0, < 4.1.4
HIGH 7.5 Plone Denial of Service vulnerability
from 0, < 4.1.4
HIGH 7.3 Plone vulnerable to privilege escalation in WebDAV
>= 4.0, < 5.1a2
HIGH 7.3 Plone vulnerable to privilege escalation in WebDAV
>= 3.3, < 4.3.10
HIGH 7.2 Plone Code Injection vulnerability
from 0, < 4.2.3
HIGH 7.2 Plone Code Injection vulnerability
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
HIGH 7.1 Cross-Frame Scripting vulnerability has been found on Plone CMS
from 0, < 6.0.7
MEDIUM 6.5 Plone is vulnerable to email spoofing
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
MEDIUM 6.5 Plone is vulnerable to email spoofing
>= 2.1, < 4.1.1
MEDIUM 6.5 Plone Unauthorized Access Vulnerability
>= 2.5, < 4.3.16, >= 5, < 5.1.0
MEDIUM 6.5 Plone Unauthorized Access Vulnerability
>= 2.5, < 4.3.16
MEDIUM 6.5 Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
>= 4.0.1, < 4.0.6
MEDIUM 6.5 Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
from 0, < 4.1.1
MEDIUM 6.5 Plone and Zope2 vulnerable to unauthorized access to restricted attributes
>= 3.2.2, < 4.2.3
MEDIUM 6.5 Plone and Zope2 vulnerable to unauthorized access to restricted attributes
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
MEDIUM 6.1 Plone has stored XSS in folder contents
>= 5.0, <= 5.2.4
MEDIUM 6.1 Plone has stored XSS in folder contents
>= 5.0, < 5.2.5
MEDIUM 6.1 Plone XSS in User Fullname Property and File Upload
from 0, < 5.2.4
MEDIUM 6.1 Plone XSS in User Fullname Property and File Upload
from 0, < 5.2.4
MEDIUM 6.1 Plone Open Redirect Vulnerability
>= 4.0, < 5.2.2
MEDIUM 6.1 Plone Open Redirect Vulnerability
>= 4.0, < 4.3.20
MEDIUM 6.1 Plone Cross-site Scripting vulnerability in PortalTransforms
>= 2.1, < 3.3.6
MEDIUM 6.1 Plone Cross-site Scripting vulnerability in PortalTransforms
from 0, < 3.3.5
MEDIUM 6.1 Plone Cross-site scripting Vulnerability
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
MEDIUM 6.1 Plone Cross-site scripting Vulnerability
from 0, < 4.2.3
MEDIUM 6.1 Plone Cross-site scripting Vulnerability
from 0, < 4.2.3
MEDIUM 6.1 Plone Cross-site scripting Vulnerability
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
MEDIUM 6.1 Plone Cross-site scripting Vulnerability
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
MEDIUM 6.1 Plone Cross-site scripting Vulnerability
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
MEDIUM 6.1 Plone Cross-site scripting Vulnerability
from 0, < 4.2.3
MEDIUM 6.1 Plone Cross-site scripting Vulnerability
from 0, < 4.2.3
MEDIUM 6.1 Plone XSS in Zope ZMI
>= 4.0, < 4.3.12
MEDIUM 6.1 Plone XSS in Zope ZMI
from 0, < 4.3.12, >= 5.0, < 5.0.7
MEDIUM 6.1 Plone Cross-site Scripting Vulnerability
from 0, < 3da710a2cd68587f0bf34f2e7ea1167d6eeee087 | >= 3.3, < 4.0a1, >= 4.0, < 4.1a1, >= 4.1, < 4.2a1, >= 4.2, < 4.3a1, >= 4.3, < 4.3.7, >= 5.0a1, < 5.0rc2
MEDIUM 6.1 Plone Cross-site Scripting Vulnerability
>= 3.3, < 3.3.7
MEDIUM 6.1 Products.CMFPlone Open Redirect Vulnerability
>= 2.5, < 4.3.16, >= 5, < 5.1.0
MEDIUM 6.1 Products.CMFPlone Open Redirect Vulnerability
>= 2.5, < 4.3.16
MEDIUM 6.1 Plone Open Redirect Vulnerability
>= 5.0, <= 5.0.6
MEDIUM 6.1 Plone Open Redirect Vulnerability
>= 5.0, < 5.0.7, >= 4.0, < 4.3.12, >= 3.3, < 4.0a1
MEDIUM 6.1 Plone XSS
>= 5.0.0, <= 5.0.6
MEDIUM 6.1 Plone XSS
>= 5.0, < 5.0.7, >= 4.2, < 4.3.12
MEDIUM 6.1 Plone XSS
>= 5.0.0, <= 5.0.6
MEDIUM 6.1 Plone Cross-site Scripting (XSS) vulnerability
>= 5.0, < 5.0.7, >= 4.0, < 4.3.12, >= 3.3, < 4.0a1
MEDIUM 6.1 Plone XSS
>= 5.0, < 5.0.7, >= 4.0, < 4.3.12, >= 3.3, < 4.0a1
MEDIUM 6.1 Plone Cross-site Scripting (XSS) vulnerability
>= 5.0, < 5.0.6
MEDIUM 6.1 Plone vulnerable to Cross-site Scripting
>= 5.0a1, < 5.0.7
MEDIUM 6.1 Plone vulnerable to Cross-site Scripting
>= 5.0, < 5.0.7, >= 4.0, < 4.3.12, >= 3.3, < 4.0a1
MEDIUM 6.1 Plone Zope cross-site scripting (XSS) vulnerability
>= 3.3, < 4.0a1, >= 4.0, < 4.0.10, >= 4.1, < 4.2a1, >= 4.2, < 4.3a1, >= 4.3, < 4.3.3
MEDIUM 6.1 Plone Zope cross-site scripting (XSS) vulnerability
>= 3.3, < 3.3.6
MEDIUM 6.1 Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone
from 0, < 5.2.5
MEDIUM 6.1 Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone
from 0, <= 5.2.4
MEDIUM 6.1 Plone Open Redirect
>= 2.5, < 5.1.0
MEDIUM 6.1 Plone Open Redirect
>= 2.5, < 4.3.16
MEDIUM 6.1 Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
from 0, < 4.1.1
MEDIUM 6.1 Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
from 0, < 4.1.1
MEDIUM 5.9 Plone Unrestricted Field Manipulation vulnerability via content edit forms
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
MEDIUM 5.9 Plone Unrestricted Field Manipulation vulnerability via content edit forms
>= 2.1, < 4.1.1
MEDIUM 5.9 Plone unauthorized member addition vulnerability
from 0, < e1d981bfa14b664317285f0f36498f4be4a23406 | >= 3.3, < 4.0a1, >= 4.0, < 4.1a1, >= 4.1, < 4.2a1, >= 4.2, < 4.3a1, >= 4.3, < 4.3.7, >= 5.0a1, < 5.0rc2
MEDIUM 5.9 Plone unauthorized member addition vulnerability
>= 3.3, <= 3.3.6
MEDIUM 5.9 Plone allows a user to masquerade as a group
>= 2.5, < 2.5.2
MEDIUM 5.9 Plone allows a user to masquerade as a group
>= 2.5, < 2.5.2
MEDIUM 5.9 Plone allows a user to masquerade as a group
from 0, <= 2.5, <= 2.5.1
MEDIUM 5.5 Plone information disclosure vulnerability
from 0, <= 6.0.9
MEDIUM 5.4 Plone XSS Vulnerability
from 0, <= 5.2.3
MEDIUM 5.4 Plone XSS Vulnerability
from 0, <= 5.2.3
MEDIUM 5.4 Plone cross site scripting (XSS)
>= 5.0, <= 5.2.1
MEDIUM 5.4 Plone cross site scripting (XSS)
>= 5.0, < 5.2.2
MEDIUM 5.4 Products.CMFPlone XSS in profile home_page property
>= 2.5, < 4.3.16, >= 5, < 5.1.0
MEDIUM 5.4 Products.CMFPlone XSS in profile home_page property
>= 2.5a1, < 4.3.16
MEDIUM 5.4 Cross-site scripting in Plone
from 0, <= 5.2.4
MEDIUM 5.4 Cross-site scripting in Plone
from 0, < 5.2.5
MEDIUM 5.4 Cross-site scripting in Plone
from 0, <= 5.2.4
MEDIUM 5.4 Cross-site scripting in Plone
from 0, < 5.2.5
MEDIUM 5.4 Cross-site scripting in Plone
from 0, <= 5.2.4
MEDIUM 5.4 Cross-site scripting in Plone
from 0, < 5.2.5
MEDIUM 5.4 Plone Cross-site Scripting vulnerability
>= 3.3.2, < 3.3.6
MEDIUM 5.4 Plone Cross-site Scripting vulnerability
from 0, < 4.1.1
MEDIUM 5.3 Plone is vulnerable to information exposure via the object manager implementation
>= 2.1, < 4.1.1
MEDIUM 5.3 Plone is vulnerable to information exposure via the object manager implementation
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
MEDIUM 5.3 Plone Filesystem path information leak
>= 3.3, < 4.3.3
MEDIUM 5.3 Plone Filesystem path information leak
>= 3.3, < 4.3.3
MEDIUM 5.3 Plone Information Disclosure
from 0, < 4.2.3
MEDIUM 5.3 Plone Information Disclosure
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
MEDIUM 5.3 Plone Metadata Disclosure
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
MEDIUM 5.3 Plone Metadata Disclosure
from 0, < 4.2.3
MEDIUM 5.3 Plone User account enumeration via crafted URL
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
MEDIUM 5.3 Plone User account enumeration via crafted URL
from 0, < 4.2.3
MEDIUM 5.3 Plone contains Cross-site Request Forgery
from 0, < 4.2.3
MEDIUM 5.3 Plone contains Cross-site Request Forgery
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
MEDIUM 5.3 Exposure of Sensitive Information in Plone
from 0, < 4.2.3, >= 4.3a0, < 4.3b1
MEDIUM 5.3 Exposure of Sensitive Information in Plone
from 0, < 4.2.3
MEDIUM 5.3 Plone vulnerable to unauthorized disclosure of site content
>= 3.3, < 5.1a2
MEDIUM 5.3 Plone vulnerable to unauthorized disclosure of site content
>= 5.0, < 5.0.5
MEDIUM 4.9 Plone Privilege escalation due to improper authorization
>= 2.1, <= 4.1
MEDIUM 4.9 Plone Privilege escalation due to improper authorization
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
MEDIUM 4.9 Plone Privilege escalation through exposed underlying API
>= 3.3b1, < 4.3.3
MEDIUM 4.9 Plone Privilege escalation through exposed underlying API
>= 3.3, < 4.3.3
MEDIUM 4.9 Chameleon in Plone allows Authentication Bypass
>= 5.0rc1, < 5.1a2
MEDIUM 4.9 Chameleon in Plone allows Authentication Bypass
>= 5.0rc1, <= 5.0.4
MEDIUM 4.9 Plone vulnerable to filesystem information leak
>= 5.0, < 5.0.7, >= 4.2, < 4.3.12
MEDIUM 4.9 Plone vulnerable to filesystem information leak
>= 5.0, < 5.0.7
MEDIUM 4.8 Plone is vulnerable to Information Exposure when generating zip archives
>= 2.1, < 4.1.1
MEDIUM 4.8 Plone is vulnerable to Information Exposure when generating zip archives
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
MEDIUM 4.7 Plone vulnerable to cross-site scripting
>= 2.1, < 4.1.1
MEDIUM 4.7 Plone vulnerable to cross-site scripting
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
MEDIUM 4.7 Plone Multiple open redirect vulnerabilities
>= 2.1, < 4.1.1
MEDIUM 4.7 Plone Multiple open redirect vulnerabilities
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
MEDIUM 4.4 Plone Authenticated Denial of Service vulnerability
>= 4.3, < 4.3.2
MEDIUM 4.4 Plone Authenticated Denial of Service vulnerability
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
MEDIUM 4.3 Plone's authenticated users able to alter their password despite policy definition
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
MEDIUM 4.3 Plone's authenticated users able to alter their password despite policy definition
>= 2.1, <= 4.1
MEDIUM 4.3 Server-Side Request Forgery in Plone
from 0, < 5.2.5
MEDIUM 4.3 Server-Side Request Forgery in Plone
from 0, <= 5.2.4
MEDIUM 4.3 Plone Sandbox Escape
from 0, < 4.3.12, >= 5.0a1, < 5.0.7
MEDIUM 4.3 Plone Sandbox Escape
>= 4.0, < 4.3.12
LOW 3.7 Plone is vulnerable to File System Path Exposure
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
LOW 3.7 Plone is vulnerable to File System Path Exposure
>= 2.1, < 4.1.1
LOW 3.1 Plone Denial of Service vulnerability via decompressing large zip archives
>= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
LOW 3.1 Plone Denial of Service vulnerability via decompressing large zip archives
>= 4.3, < 4.3.2
—Plone XSS Vulnerability
from 0, < 2.5.3
—Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
>= 4.0, < 4.0.10
—Plone Cross-site Scripting vulnerability in the LiveSearch module
from 0, < 3.0.4
—Plone credentials stored in session cookie
from 0, <= 3.1.7
—Plone Improper Session Management
from 0, < 3.0
—Plone CMS Improper Session Management
from 0, < 3.0
—zope-cmfplone - programming error
from 0, < 2.0.6
—High severity vulnerability that affects Plone and Zope2
from 0, <= 3.0, <= 3.0.1, <= 3.0.2, <= 3.0.3, <= 3.0.4, <= 3.0.5, <= 3.0.6, <= 3.1, <= 3.1.1, <= 3.1.2, <= 3.1.3, <= 3.1.4, <= 3.1.5.1, <= 3.1.6, <= 3.1.7, <= 3.2, <= 3.2.1, <= 3.2.2, <= 3.2.3, <= 3.3, <= 3.3.1, <= 3.3.2, <= 3.3.3, <= 3.3.4, <= 3.3.5, <= 3.3.6, <= 4.0, <= 4.0.1, <= 4.0.2, <= 4.0.3, <= 4.0.4, <= 4.0.5, <= 4.0.6.1, <= 4.0.7, <= 4.0.8, <= 4.1, <= 2.12.0, <= 2.12.0-a1, <= 2.12.0-a2, <= 2.12.0-a3, <= 2.12.0-a4, <= 2.12.0-b1, <= 2.12.0-b2, <= 2.12.0-b3, <= 2.12.0-b4, <= 2.12.1, <= 2.12.2, <= 2.12.3, <= 2.12.4, <= 2.12.5, <= 2.12.6, <= 2.12.7, <= 2.12.8, <= 2.12.9, <= 2.12.10, <= 2.12.11, <= 2.12.12, <= 2.12.13, <= 2.12.14, <= 2.12.15, <= 2.12.16, <= 2.12.17, <= 2.12.18, <= 2.13.0, <= 2.13.0-a1, <= 2.13.0-a2, <= 2.13.0-a3, <= 2.13.0-a4, <= 2.13.0-b1, <= 2.13.0-c1, <= 2.13.1, <= 2.13.2, <= 2.13.3, <= 2.13.4, <= 2.13.5, <= 2.13.6, <= 2.13.7
—High severity vulnerability that affects Plone and Zope2
>= 3.3.2, < 3.3.6
—High severity vulnerability that affects Plone and Zope2
>= 3.3.2, < 3.3.6
—Moderate severity vulnerability that affects Products.PlonePAS
>= 3.0, <= 3.1, <= 3.2, <= 3.3, <= 3.4, <= 3.5