Search results

35 results

Release schedule link

The Plone Release pages try to point to /download/release-schedule, but it comes out as /release-schedule, so I created a link.

Remote Code Execution via Python Scripts

Remote Code Execution via traversal in expressions part 2

Remote Code Execution via traversal in expressions with aliases

Sandbox escape

Server Side Request Forgery via event ical URL

Server Side Request Forgery via lxml parser

SQL injection in DTML or in connection objects

Stored XSS from file upload (svg, html)

Stored XSS from user fullname

Stored XSS in folder contents

Writing arbitrary files via docutils and Python Script

XSS in the title field on plone 5.0 and higher.

XSS using the home_page member property.

Cross Site Scripting using the home_page member property.

XSS vulnerability in CMFDiffTool