Plone: >> Plone >> 4.0.6.1 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-06-06
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
CVSS Score
3.5
EPSS Score
0.004
Published
2011-06-06
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
CVSS Score
6.0
EPSS Score
0.005
Published
2009-04-23
Page 7