Plone 3.1.3 Security Vulnerabilities
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
CVSS Score: 5.0 | EPSS Score: 0.003 | Published: 2014-09-30
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
CVSS Score: 8.5 | EPSS Score: 0.005 | Published: 2014-09-30
Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."
CVSS Score: 5.0 | EPSS Score: 0.006 | Published: 2014-09-30
kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.
CVSS Score: 5.0 | EPSS Score: 0.006 | Published: 2014-09-30
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
CVSS Score: 5.0 | EPSS Score: 0.004 | Published: 2014-09-30
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
CVSS Score: 5.0 | EPSS Score: 0.012 | Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
CVSS Score: 5.0 | EPSS Score: 0.009 | Published: 2014-09-30
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
CVSS Score: 5.0 | EPSS Score: 0.003 | Published: 2014-09-30
Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score: 3.5 | EPSS Score: 0.002 | Published: 2014-09-30

