Skip to main contentSkip to navigationSkip to footer
Plone.org logo

Why Plone

  • What is Plone?
  • Features
  • Plone 6
  • They use Plone
  • Extend Plone

Why Plone

Get Started with Plone

  • Try Plone
  • Install Plone
  • Documentation
  • Training

Get Started

Services

  • Providers
  • Training

Services

Community

  • Bugs
  • Conferences
  • Contribute
  • Forum
  • Google Summer of Code
  • Online Chat
  • Support
  • Teams

Community

Plone Foundation

  • About the Plone Foundation
  • Board of Directors
  • Membership
  • Meetings
  • How to Sponsor Plone
  • Plone Event and Sprint Sponsorship Policy
  • Copyright, Licensing: Plone Code & Logo
  • Contact us

Foundation

News and Events

  • News
  • Events
  • The Plone Newsroom
  • Plone in Social Media
  • Plone YouTube channel
  • Conferences
  • Sprints
  • Plone Conference 2023
  • World Plone Day 2023

News and Events
Try now
Home

Search results

33 results
Sort by:

Open redirection on login form

An open redirection and reflected Cross Site Scripting attack (XSS) on the login form and possibly other places where redirects are done.
Read More…

An open redirection when calling a specific url.

By accessing a specific URL, you could get redirected to the site of an attacker
Read More…

XSS using the home_page member property.

Cross Site Scripting using the home_page member property.
Read More…

Sandbox escape

Read More…

Privilege escalation when plone.restapi is installed

Read More…

An open redirection on the login form and possibly other places

Read More…

Password strength checks were not always checked.

Read More…

Privilege escalation for overwriting content

Read More…

SQL injection in DTML or in connection objects

Read More…

XSS in the title field on plone 5.0 and higher.

Read More…

Release Schedule

Timeline of maintenance and support for Plone releases.
Read More…

Plone 5.2.2 released

A bugfix release with many fixes and package version upgrades
Read More…

Plone 5.2.3, Plone 5.1.7 and Plone 4.3.20 released!

Final releases to 4.3 and 5.1 series, along with the latest 5.2.3.
Read More…

Plone 5.2.4 Released!

Check out the latest release to Plone 5.2 series, which includes new features to plone.restapi along with security fixes and other improvements.
Read More…

Plone 5.2.5 Released!

Check out the latest release to Plone 5.2 series, which includes security fixes, Zope updates and other improvements
Read More…

Stored XSS from user fullname

Read More…

Stored XSS from file upload (svg, html)

Read More…

XSS vulnerability in CMFDiffTool

Read More…

Reflected XSS in various spots

Read More…

Writing arbitrary files via docutils and Python Script

Read More…

Information disclosures: mostly installation logs

Read More…

Blind SSRF via feedparser accessing an internal URL

Read More…

Server Side Request Forgery via event ical URL

Read More…

Server Side Request Forgery via lxml parser

Read More…

Remote Code Execution via traversal in expressions with aliases

Read More…
12
About Plone
Try Plone
Download Plone
Documentation
Training
Security
Roadmap
Github
Community
Forum
Chat
Contribute code
Report an issue
News and events
Conference
Foundation
Join the foundation
Board
Donate
Sponsors
Code of conduct
Foundation members
Shop
Follow us
Mastodon
Twitter
Instagram
YouTube
Linkedin
Facebook
Privacy Policy
Cookie settings
Plone.org logo
The text and illustrations in this website are licensed by the Plone Foundation under a Creative Commons Attribution-ShareAlike 4.0 International license. Plone and the Plone® logo are registered trademarks of the Plone Foundation, registered in the United States and other countries. For guidelines on the permitted uses of the Plone trademarks, see https://plone.org/foundation/logo. All other trademarks are owned by their respective owners.