Page 13 of 64 results (0.014 seconds)

CVSS: 3.5EPSS: 0%CPEs: 44EXPL: 0

Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Filtro safe_html en Products.PortalTransforms de Plone v2.1 hasta v4.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, vulnerabilidad diferente de CVE-2010-2422. • http://osvdb.org/72728 http://plone.org/products/plone/security/advisories/CVE-2011-1949 http://secunia.com/advisories/44775 http://secunia.com/advisories/44776 http://securityreason.com/securityalert/8269 http://www.securityfocus.com/archive/1/518155/100/0/threaded http://www.securityfocus.com/bid/48005 https://exchange.xforce.ibmcloud.com/vulnerabilities/67694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 34EXPL: 0

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors. Una vulnerabilidad no especificada en Plone versión 2.5 hasta 4.0, como se utiliza en Conga, luci, y posiblemente otros productos, permite a los atacantes remotos obtener acceso administrativo, leer o crear contenido arbitrario, y cambiar el aspecto del sitio por medio de vectores desconocidos. • http://osvdb.org/70753 http://plone.org/products/plone/security/advisories/cve-2011-0720 http://secunia.com/advisories/43146 http://secunia.com/advisories/43914 http://www.redhat.com/support/errata/RHSA-2011-0393.html http://www.redhat.com/support/errata/RHSA-2011-0394.html http://www.securityfocus.com/bid/46102 http://www.securitytracker.com/id?1025258 http://www.vupen.com/english/advisories/2011/0796 https://exchange.xforce.ibmcloud.com/vulnerabilities/65099 https://acce • CWE-284: Improper Access Control •

CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en PortalTransforms en Plone v2.1 hasta v3.3.4 anterior hotfix 20100612 permite a atacantes remotos inyectar código web o HTML de su elección a través de safe_html transform. • http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html http://secunia.com/advisories/40270 http://www.securityfocus.com/bid/40999 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Plone CMS 3.0.5 y 3.0.6 permite a atacantes remotos (1) añadir cuentas de su elección desde la página join_form y (2) cambiar los privilegios de grupos de su elección desde la página prefs_groups_overview. • http://plone.org/about/security/advisories/cve-2008-0164 http://secunia.com/advisories/29361 http://securityreason.com/securityalert/3754 http://www.procheckup.com/Hacking_Plone_CMS.pdf http://www.securityfocus.com/archive/1/489544/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41263 • CWE-352: Cross-Site Request Forgery (CSRF) •