A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-01-18
plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds.
CVSS Score
3.7
EPSS Score
0.005
Published
2023-09-21
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-06-30
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-05-21
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-05-21
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
CVSS Score
9.9
EPSS Score
0.01
Published
2021-05-21
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-05-21
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-05-21
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-05-21
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-05-21
Page 1