Filtered by vendor Plone
Subscriptions
Total
118 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5492 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. | ||||
| CVE-2012-5488 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | ||||
| CVE-2012-5486 | 3 Plone, Redhat, Zope | 3 Plone, Rhel Cluster, Zope | 2025-04-12 | N/A |
| ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. | ||||
| CVE-2012-5491 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | ||||
| CVE-2012-5485 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | ||||
| CVE-2012-5489 | 2 Plone, Zope | 2 Plone, Zope | 2025-04-12 | N/A |
| The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. | ||||
| CVE-2012-5490 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-5495 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." | ||||
| CVE-2012-5496 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. | ||||
| CVE-2012-5497 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | ||||
| CVE-2012-5499 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. | ||||
| CVE-2012-5500 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | ||||
| CVE-2012-5502 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-5503 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. | ||||
| CVE-2012-5504 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-5505 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | ||||
| CVE-2012-5507 | 2 Plone, Zope | 2 Plone, Zope | 2025-04-12 | N/A |
| AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. | ||||
| CVE-2012-5508 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope. | ||||
| CVE-2013-7060 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. | ||||
| CVE-2013-7061 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | ||||