Plone vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2006-4249MediumPlone: Plone allows a user to masquerade as a groupCVE-2006-4247HighPlone: Plone allows anonymous users to reset any users password through the web via Password Reset ToolCVE-2006-1711Mediumplone: Plone allows remote users to modify arbitrary portraitsCVE-2021-33507MediumProducts.CMFCore: Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, PloneCVE-2021-33511HighPlone: Server-Side Request Forgery in PloneCVE-2021-33510MediumPlone: Server-Side Request Forgery in PloneCVE-2021-33509CriticalPlone: Incorrect Permission Assignment for Critical Resource in PloneCVE-2021-33508MediumPlone: Cross-site scripting in PloneCVE-2021-33512MediumPlone: Cross-site scripting in PloneCVE-2021-33513MediumPlone: Cross-site scripting in PloneCVE-2020-28736HighPlone: Improper Restriction of XML External Entity Reference in PloneCVE-2020-28735HighPlone: SSRF attacks via tracebacks in PloneCVE-2020-28734HighPlone: Improper Restriction of XML External Entity Reference in PloneCVE-2017-1000484Mediumplone: Plone Open RedirectCVE-2011-1949MediumPlone: Plone Cross-site Scripting vulnerabilityCVE-2011-1950Highplone.app.users: Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accountsCVE-2012-5503HighPlone: Plone allows remote attackers to read hidden folder contentsCVE-2012-5489HighZope2: Plone and Zope2 vulnerable to unauthorized access to restricted attributesCVE-2011-2528HighPlone: High severity vulnerability that affects Plone and Zope2CVE-2012-5486HighZope2: HTTP header injection in Plone and Zope2CVE-2012-6661HighZope2: Plone and Zope2 do not reseed pseudo-random number generatorCVE-2012-5507HighZope2: Plone and Zope2 affected by Race ConditionCVE-2011-1948MediumProducts.PasswordResetTool: Cross-site scripting in Products.CMFPlone and Products.PasswordResetToolCVE-2011-4462HighPlone: Plone Denial of Service vulnerabilityCVE-2017-5524MediumPlone: Plone Sandbox Escape

Stop the waste.
Protect your environment with Kodem.