CVSS: 5.8EPSS: 4%CPEs: 46EXPL: 1CVE-2013-4200 – Plone - 'in_portal.py' < 4.1.3 Session Hijacking
https://notcve.org/view.php?id=CVE-2013-4200
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login. El método isURLInPortal en la clase URLTool en in_portal.py en Plone 2.1 a 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1, trata las URLs que comienzan con un espacio como URLs relativas, lo cual permite a atacantes sortear la propiedad de filtrado allow_external_login_sites, redirigiendo a usuarios a sitios web arbitrarios, y efectuando ataques de phishing a través de un espacio antes de la URL en el parámetro "next" en acl_users/credentials_cookie_auth/require_login. Plone CMS suffers from a URL redirection credential disclosure vulnerability. • https://www.exploit-db.com/exploits/38738 http://plone.org/products/plone-hotfix/releases/20130618 http://plone.org/products/plone/security/advisories/20130618-announcement http://www.openwall.com/lists/oss-security/2013/08/01/2 http://www.securityfocus.com/archive/1/530787/100/0/threaded https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 62EXPL: 0CVE-2011-4462
https://notcve.org/view.php?id=CVE-2011-4462
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Plone v4.1.3 y anteriores calcula los valores hash de los parámetros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de gran cantidad de parámetros a mano. • http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html http://secunia.com/advisories/47406 http://www.kb.cert.org/vuls/id/903934 http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72018 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 78EXPL: 0CVE-2011-2528
https://notcve.org/view.php?id=CVE-2011-2528
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720. Vulnerabilidad no especificada en (1) Zope v2.12.x antes de v2.12.19 y v2.13.x antes de v2.13.8, como la utilizada en Plone v4.x y otros productos, y (2) PloneHotfix20110720 para Plone v3.x permite a los atacantes obtener privilegios a través de vectores no especificados, en relación con una "vulnerabilidad muy grave". NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2.011 hasta 0720. • http://plone.org/products/plone-hotfix/releases/20110622 http://plone.org/products/plone/security/advisories/20110622 http://secunia.com/advisories/45056 http://secunia.com/advisories/45111 http://www.openwall.com/lists/oss-security/2011/07/04/6 http://www.openwall.com/lists/oss-security/2011/07/12/9 https://bugzilla.redhat.com/show_bug.cgi?id=718824 https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html •
CVSS: 3.5EPSS: 0%CPEs: 44EXPL: 0CVE-2011-1949
https://notcve.org/view.php?id=CVE-2011-1949
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Filtro safe_html en Products.PortalTransforms de Plone v2.1 hasta v4.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, vulnerabilidad diferente de CVE-2010-2422. • http://osvdb.org/72728 http://plone.org/products/plone/security/advisories/CVE-2011-1949 http://secunia.com/advisories/44775 http://secunia.com/advisories/44776 http://securityreason.com/securityalert/8269 http://www.securityfocus.com/archive/1/518155/100/0/threaded http://www.securityfocus.com/bid/48005 https://exchange.xforce.ibmcloud.com/vulnerabilities/67694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 57EXPL: 0CVE-2011-1948 – plone: A reflected cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2011-1948
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Plone v4.1 y anteriores , permite a atacantes remotos inyectar secuencias de comandos web o HTML a través una URL manipulada. • http://osvdb.org/72727 http://plone.org/products/plone/security/advisories/CVE-2011-1948 http://secunia.com/advisories/44775 http://secunia.com/advisories/44776 http://securityreason.com/securityalert/8269 http://www.securityfocus.com/archive/1/518155/100/0/threaded http://www.securityfocus.com/bid/48005 https://exchange.xforce.ibmcloud.com/vulnerabilities/67693 https://access.redhat.com/security/cve/CVE-2011-1948 https://bugzilla.redhat.com/show_bug.cgi?id=711494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •