CVSS: 5.8EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4195
https://notcve.org/view.php?id=CVE-2013-4195
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Múltiples vulnerabilidades de redirección abierta en (1) marmoset_patch.py, (2) publish.py y (3) principiaredirect.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://plone.org/products/plone-hotfix/releases/20130618 http://plone.org/products/plone/security/advisories/20130618-announcement http://seclists.org/oss-sec/2013/q3/261 https://bugzilla.redhat.com/show_bug.cgi?id=978471 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4191
https://notcve.org/view.php?id=CVE-2013-4191
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive. zip.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 no fuerza debidamente restricciones de acceso cuando involucra contenido en un archivo zip, lo que permite a atacantes remotos obtener información sensible mediante la lectura de un archivo generado. • http://plone.org/products/plone-hotfix/releases/20130618 http://plone.org/products/plone/security/advisories/20130618-announcement http://seclists.org/oss-sec/2013/q3/261 https://bugzilla.redhat.com/show_bug.cgi?id=978453 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4192
https://notcve.org/view.php?id=CVE-2013-4192
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors. sendto.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permite a usuarios remotos autenticados falsificar emails a través de vectores no especificados. • http://plone.org/products/plone-hotfix/releases/20130618 http://plone.org/products/plone/security/advisories/20130618-announcement http://seclists.org/oss-sec/2013/q3/261 https://bugzilla.redhat.com/show_bug.cgi?id=978464 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4190
https://notcve.org/view.php?id=CVE-2013-4190
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en (1) spamProtect.py, (2) pts.py y (3) request.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://plone.org/products/plone-hotfix/releases/20130618 http://plone.org/products/plone/security/advisories/20130618-announcement http://seclists.org/oss-sec/2013/q3/261 https://bugzilla.redhat.com/show_bug.cgi?id=978451 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4196
https://notcve.org/view.php?id=CVE-2013-4196
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request. La implementación object manager (objectmanager.py) en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 no restringe debidamente acceso a los métodos internos, lo que permite a atacantes remotos obtener información sensible a través de una solicitud manipulada. • http://plone.org/products/plone-hotfix/releases/20130618 http://plone.org/products/plone/security/advisories/20130618-announcement http://seclists.org/oss-sec/2013/q3/261 https://bugzilla.redhat.com/show_bug.cgi?id=978475 • CWE-264: Permissions, Privileges, and Access Controls •