20111004
AKA 20113587 or 20110928
20110628
AKA 20112528 or 20110622
20110208
AKA 20110720
20110601
AKA 20110531
Privilege escalation
Anonymous users can create users with arbitrary roles
Reflected XSS
Persistent XSS
This is a persistent cross-site scripting (XSS) attack. It allows a user to craft markup that bypasses Plone's safe_html filter to insert and save arbitrary HTML with malicious content.
Privilege escalation
This is an escalation of privileges attack which makes it possible for an authenticated Plone user to edit the properties of other users, bypassing authorization checks.
Privilege escalation
A highly serious vulnerability in Zope that allows unauthorised access
Arbitrary code execution
A vulnerability in Zope 2.12.x and Zope 2.13.x that allows execution of arbitrary code by anonymous users.
20121106
AKA 20121106
Restricted Python injection
Anonymous users can cause an arbitrary Python statement to be run when the admin interface is accessed. No breakout of the built-in Python sandbox is possible, but the statement runs with the privileges of that admin user.
Reflexive HTTP header injection
A crafted URL can contain arbitrary HTTP headers that are then returned to the user. This can be used, for example, to log users out.