A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-01-23
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
CVSS Score
6.0
EPSS Score
0.005
Published
2009-04-23
Page 3