CVSS: 7.5EPSS: 0%CPEs: 78EXPL: 0CVE-2011-2528
https://notcve.org/view.php?id=CVE-2011-2528
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720. Vulnerabilidad no especificada en (1) Zope v2.12.x antes de v2.12.19 y v2.13.x antes de v2.13.8, como la utilizada en Plone v4.x y otros productos, y (2) PloneHotfix20110720 para Plone v3.x permite a los atacantes obtener privilegios a través de vectores no especificados, en relación con una "vulnerabilidad muy grave". NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2.011 hasta 0720. • http://plone.org/products/plone-hotfix/releases/20110622 http://plone.org/products/plone/security/advisories/20110622 http://secunia.com/advisories/45056 http://secunia.com/advisories/45111 http://www.openwall.com/lists/oss-security/2011/07/04/6 http://www.openwall.com/lists/oss-security/2011/07/12/9 https://bugzilla.redhat.com/show_bug.cgi?id=718824 https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html •
CVSS: 3.5EPSS: 0%CPEs: 44EXPL: 0CVE-2011-1949
https://notcve.org/view.php?id=CVE-2011-1949
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Filtro safe_html en Products.PortalTransforms de Plone v2.1 hasta v4.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, vulnerabilidad diferente de CVE-2010-2422. • http://osvdb.org/72728 http://plone.org/products/plone/security/advisories/CVE-2011-1949 http://secunia.com/advisories/44775 http://secunia.com/advisories/44776 http://securityreason.com/securityalert/8269 http://www.securityfocus.com/archive/1/518155/100/0/threaded http://www.securityfocus.com/bid/48005 https://exchange.xforce.ibmcloud.com/vulnerabilities/67694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1950
https://notcve.org/view.php?id=CVE-2011-1950
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011. plone.app.users en Plone v4.0 y v4.1 permite a usuarios remotos autenticados para modificar las propiedades de las cuentas de su elección a través de vectores no especificados, como se exploto en junio 2011. • http://osvdb.org/72729 http://plone.org/products/plone/security/advisories/CVE-2011-1950 http://secunia.com/advisories/44775 http://securityreason.com/securityalert/8269 http://www.securityfocus.com/archive/1/518155/100/0/threaded http://www.securityfocus.com/bid/48005 https://exchange.xforce.ibmcloud.com/vulnerabilities/67695 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 57EXPL: 0CVE-2011-1948 – plone: A reflected cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2011-1948
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Plone v4.1 y anteriores , permite a atacantes remotos inyectar secuencias de comandos web o HTML a través una URL manipulada. • http://osvdb.org/72727 http://plone.org/products/plone/security/advisories/CVE-2011-1948 http://secunia.com/advisories/44775 http://secunia.com/advisories/44776 http://securityreason.com/securityalert/8269 http://www.securityfocus.com/archive/1/518155/100/0/threaded http://www.securityfocus.com/bid/48005 https://exchange.xforce.ibmcloud.com/vulnerabilities/67693 https://access.redhat.com/security/cve/CVE-2011-1948 https://bugzilla.redhat.com/show_bug.cgi?id=711494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 34EXPL: 0CVE-2011-0720 – plone: unauthorized remote administrative access
https://notcve.org/view.php?id=CVE-2011-0720
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors. Una vulnerabilidad no especificada en Plone versión 2.5 hasta 4.0, como se utiliza en Conga, luci, y posiblemente otros productos, permite a los atacantes remotos obtener acceso administrativo, leer o crear contenido arbitrario, y cambiar el aspecto del sitio por medio de vectores desconocidos. • http://osvdb.org/70753 http://plone.org/products/plone/security/advisories/cve-2011-0720 http://secunia.com/advisories/43146 http://secunia.com/advisories/43914 http://www.redhat.com/support/errata/RHSA-2011-0393.html http://www.redhat.com/support/errata/RHSA-2011-0394.html http://www.securityfocus.com/bid/46102 http://www.securitytracker.com/id?1025258 http://www.vupen.com/english/advisories/2011/0796 https://exchange.xforce.ibmcloud.com/vulnerabilities/65099 https://acce • CWE-284: Improper Access Control •