Page 7 of 76 results (0.016 seconds)

CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en la página ZMI en Zope2 en Plone CMS 5.x hasta la versión 5.0.6, 4.x hasta la versión 4.3.11 y 3.3.x hasta la versión 3.3.6 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. Plone CMS versions 4.3.11 and below and versions 5.0.6 and below suffer from cross site scripting, open redirection, and path traversal vulnerabilities. • http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html http://seclists.org/fulldisclosure/2016/Oct/80 http://www.openwall.com/lists/oss-security/2016/09/05/4 http://www.openwall.com/lists/oss-security/2016/09/05/5 http://www.securityfocus.com/archive/1/539572/100/0/threaded http://www.securityfocus.com/bid/92752 https://plone.org/security/hotfix/20160830/non-persistent-xss-in-zope2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 1

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de XSS en una plantilla de página no especificada en Plone CMS 5.x hasta la versión 5.0.6, 4.x hasta la versión 4.3.11 y 3.3.x hasta la versión 3.3.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocidos. Plone CMS versions 4.3.11 and below and versions 5.0.6 and below suffer from cross site scripting, open redirection, and path traversal vulnerabilities. • http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html http://seclists.org/fulldisclosure/2016/Oct/80 http://www.openwall.com/lists/oss-security/2016/09/05/4 http://www.openwall.com/lists/oss-security/2016/09/05/5 http://www.securityfocus.com/archive/1/539572/100/0/threaded http://www.securityfocus.com/bid/92752 https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 49EXPL: 1

z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. z3c.form en Plone CMS 5.x hasta la versión 5.0.6 y 4.x hasta la versión 4.3.11 permite a atacantes remotos llevar a cabo ataques de XSS a través de una petición GET manipulada. Plone CMS versions 4.3.11 and below and versions 5.0.6 and below suffer from cross site scripting, open redirection, and path traversal vulnerabilities. • http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html http://seclists.org/fulldisclosure/2016/Oct/80 http://www.openwall.com/lists/oss-security/2016/09/05/4 http://www.openwall.com/lists/oss-security/2016/09/05/5 http://www.securityfocus.com/archive/1/539572/100/0/threaded http://www.securityfocus.com/bid/92752 https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 1

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form. Múltiples vulnerabilidades de redirección abierta en Plone CMS 5.x hasta la versión 5.0.6, 4.x hasta la versión 4.3.11 y 3.3.x hasta la versión 3.3.6 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de URL en el parámetro referer a (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions o (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions o el parámetro (3) came_from a /login_form. Plone CMS versions 4.3.11 and below and versions 5.0.6 and below suffer from cross site scripting, open redirection, and path traversal vulnerabilities. • http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html http://seclists.org/fulldisclosure/2016/Oct/80 http://www.openwall.com/lists/oss-security/2016/09/05/4 http://www.openwall.com/lists/oss-security/2016/09/05/5 http://www.securityfocus.com/archive/1/539572/100/0/threaded http://www.securityfocus.com/bid/92752 https://plone.org/security/hotfix/20160830/open-redirection-in-plone • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.8EPSS: 0%CPEs: 47EXPL: 2

Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. Existen múltiples vulnerabilidades de Cross-Site Request Forgery (CSRF) en Zope Management Interface 4.3.7 y anteriores, así como en Plone en versiones anteriores a la 5.x. Zope Management Interface version 4.3.7 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/38411 http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html https://plone.org/security/hotfix/20151006 https://pypi.python.org/pypi/plone4.csrffixes • CWE-352: Cross-Site Request Forgery (CSRF) •