Shodan
Vulnerabilities
Vulnerable Software
Plone:  >> Plone  >> 4.0  Security Vulnerabilities
CVE-2011-3587
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
CVSS Score
9.3
EPSS Score
0.906
Published
2011-10-10
CVE-2011-4030
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
CVSS Score
9.3
EPSS Score
0.011
Published
2011-10-10
CVE-2011-2528
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
CVSS Score
7.5
EPSS Score
0.006
Published
2011-07-19
CVE-2011-1948
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-06-06
CVE-2011-1949
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
CVSS Score
3.5
EPSS Score
0.004
Published
2011-06-06
CVE-2011-1950
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
CVSS Score
5.5
EPSS Score
0.009
Published
2011-06-06
CVE-2011-0720
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
CVSS Score
7.5
EPSS Score
0.014
Published
2011-02-03
CVE-2009-0662
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
CVSS Score
6.0
EPSS Score
0.005
Published
2009-04-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved