Page 7 of 62 results (0.011 seconds)

CVSS: 3.5EPSS: 0%CPEs: 72EXPL: 0

Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en safe_html.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0

z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. z3c.form, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, permite a atacantes remotos obtener los valores de los campos de formularios por defecto medinate el aprovechamiento de conocimientos de la localización de formularios y el elemento id. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/07 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 72EXPL: 0

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. atat.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer estructuras de datos privados a través de una solicitud para una visualización sin nombre. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/21 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0

Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate." Vulnerabilidad de XSS en python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, relacionado con '{u,}translate.' • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 109EXPL: 0

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. La función App.Undo.UndoSupport.get_request_var_or_attr en Zope anterior a 2.12.21 y 3.13.x anterior a 2.13.11, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, permite a usuarios remotos autenticados ganar el acceso a atributos restringidos a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://bugs.launchpad.net/zope2/+bug/1079238 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/05 • CWE-264: Permissions, Privileges, and Access Controls •