Page 19 of 103 results (0.012 seconds)

CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 0

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587. El componente CMFEditions v2.x en Plone v4.0.x hasta v4.0.9, v4.1, y v4.2 hasta v4.2a2 no previene clases KwAsAttributes publicables, lo que permite a atacantes remotos acceder a sub-objetos a través de vectores no especificados, una vulnerabilidad diferente que CVE-2011-3587. • http://plone.org/products/plone-hotfix/releases/20110928 http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 http://secunia.com/advisories/46323 http://www.securityfocus.com/bid/50287 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 1

Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en skins/plone_templates/default_error_message.pt de Plone en versiones anteriores a la 2.5.3. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro type_name de Members/ipa/createObject. • http://dev.plone.org/plone/changeset/12262 http://dev.plone.org/plone/ticket/6110 http://jvn.jp/en/jp/JVN41222793/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 78EXPL: 0

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720. Vulnerabilidad no especificada en (1) Zope v2.12.x antes de v2.12.19 y v2.13.x antes de v2.13.8, como la utilizada en Plone v4.x y otros productos, y (2) PloneHotfix20110720 para Plone v3.x permite a los atacantes obtener privilegios a través de vectores no especificados, en relación con una "vulnerabilidad muy grave". NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2.011 hasta 0720. • http://plone.org/products/plone-hotfix/releases/20110622 http://plone.org/products/plone/security/advisories/20110622 http://secunia.com/advisories/45056 http://secunia.com/advisories/45111 http://www.openwall.com/lists/oss-security/2011/07/04/6 http://www.openwall.com/lists/oss-security/2011/07/12/9 https://bugzilla.redhat.com/show_bug.cgi?id=718824 https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011. plone.app.users en Plone v4.0 y v4.1 permite a usuarios remotos autenticados para modificar las propiedades de las cuentas de su elección a través de vectores no especificados, como se exploto en junio 2011. • http://osvdb.org/72729 http://plone.org/products/plone/security/advisories/CVE-2011-1950 http://secunia.com/advisories/44775 http://securityreason.com/securityalert/8269 http://www.securityfocus.com/archive/1/518155/100/0/threaded http://www.securityfocus.com/bid/48005 https://exchange.xforce.ibmcloud.com/vulnerabilities/67695 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 57EXPL: 0

Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Plone v4.1 y anteriores , permite a atacantes remotos inyectar secuencias de comandos web o HTML a través una URL manipulada. • http://osvdb.org/72727 http://plone.org/products/plone/security/advisories/CVE-2011-1948 http://secunia.com/advisories/44775 http://secunia.com/advisories/44776 http://securityreason.com/securityalert/8269 http://www.securityfocus.com/archive/1/518155/100/0/threaded http://www.securityfocus.com/bid/48005 https://exchange.xforce.ibmcloud.com/vulnerabilities/67693 https://access.redhat.com/security/cve/CVE-2011-1948 https://bugzilla.redhat.com/show_bug.cgi?id=711494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •