CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7941
https://notcve.org/view.php?id=CVE-2020-7941
23 Jan 2020 — A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. Un problema de escalada de privilegios en plone.app.contenttypes en Plone versiones 4.3 hasta 5.2.1, permite a usuarios COLOCAR (sobrescribir) parte del contenido sin necesario un permiso de escritura. • http://www.openwall.com/lists/oss-security/2020/01/24/1 •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2016-4043
https://notcve.org/view.php?id=CVE-2016-4043
24 Feb 2017 — Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. Chameleon (five.pt) en Plone 5.0rc1 hasta la versión 5.1a1 permite a usuarios remotos autenticados eludir Restricted Python aprovechando permisos para crear y editar plantillas. • http://www.openwall.com/lists/oss-security/2016/04/20/3 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 32EXPL: 2CVE-2016-7135 – Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection
https://notcve.org/view.php?id=CVE-2016-7135
12 Oct 2016 — Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions. Vulnerabilidad de salto de directorio en Plone CMS 5.x hasta la versión 5.0.6 y 4.2.x hasta la versión 4.3.11 permite a administradores remotos leer archivos arbitrarios a travçes de .. (punto punto) en el parámetro path en una acción... • https://packetstorm.news/files/id/139110 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 49EXPL: 2CVE-2016-7136 – Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection
https://notcve.org/view.php?id=CVE-2016-7136
12 Oct 2016 — z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. z3c.form en Plone CMS 5.x hasta la versión 5.0.6 y 4.x hasta la versión 4.3.11 permite a atacantes remotos llevar a cabo ataques de XSS a través de una petición GET manipulada. Plone CMS versions 4.3.11 and below and versions 5.0.6 and below suffer from cross site scripting, open redirection, and path traversal vulnerabilities. • https://packetstorm.news/files/id/139110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 2CVE-2016-7137 – Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection
https://notcve.org/view.php?id=CVE-2016-7137
12 Oct 2016 — Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form. Múltiples vulnerabilidades de redirección abierta en Plone ... • https://packetstorm.news/files/id/139110 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 2CVE-2016-7138 – Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection
https://notcve.org/view.php?id=CVE-2016-7138
12 Oct 2016 — Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la infraestructura de comprobación de URL en Plone CMS 5.x hasta la versión 5.0.6, 4.x hasta la versión 4.3.11 y 3.3.x hasta la versión 3.3.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipula... • https://packetstorm.news/files/id/139110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 2CVE-2016-7139 – Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection
https://notcve.org/view.php?id=CVE-2016-7139
12 Oct 2016 — Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de XSS en una plantilla de página no especificada en Plone CMS 5.x hasta la versión 5.0.6, 4.x hasta la versión 4.3.11 y 3.3.x hasta la versión 3.3.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocid... • https://packetstorm.news/files/id/139110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 2CVE-2016-7140 – Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection
https://notcve.org/view.php?id=CVE-2016-7140
12 Oct 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en la página ZMI en Zope2 en Plone CMS 5.x hasta la versión 5.0.6, 4.x hasta la versión 4.3.11 y 3.3.x hasta la versión 3.3.6 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no espe... • https://packetstorm.news/files/id/139110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •