Shodan
Vulnerabilities
Vulnerable Software
Plone:  >> Plone  >> 5.0  Security Vulnerabilities
CVE-2024-0669
A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-01-18
CVE-2021-33926
An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-17
CVE-2021-35959
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-06-30
CVE-2021-33507
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-05-21
CVE-2021-33508
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-05-21
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
CVSS Score
9.9
EPSS Score
0.007
Published
2021-05-21
CVE-2021-33510
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-05-21
CVE-2021-33511
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-05-21
CVE-2021-33512
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-05-21
CVE-2021-33513
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-05-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved