Skip to main contentSkip to navigationSkip to footer
Plone.org logo

Why Plone

  • What is Plone?
  • Features
  • Plone 6
  • They use Plone
  • Extend Plone
  • Roadmap
  • Plone as a Headless CMS

Why Plone

Get Started with Plone

  • Try Plone
  • Install Plone
  • Documentation
  • Training

Get Started

Services

  • Providers
  • Training

Services

Community

  • Bugs
  • Conferences
  • Contribute
  • Forum
  • Google Summer of Code
  • Online Chat
  • Support
  • Teams

Community

Plone Foundation

  • About the Plone Foundation
  • Board of Directors
  • Membership
  • Board Meetings
  • How to Sponsor Plone
  • Plone Event and Sprint Sponsorship Policy
  • Copyright, Licensing: Plone Code & Logo
  • Contact us

Foundation

News and Events

  • News
  • Events
  • Podcasts
  • Plone Podcast
  • The Plone Newsroom
  • Plone Hands-On
  • Plone in Social Media
  • Plone YouTube channel
  • Plone Tune-Up Days
  • Sprints

Highlights

  • Plone Conference 2025
  • World Plone Day 2025
  • Join the Plone Newsletter
News and Events
Try now
Home

Search results

34 results
Sort by:

Open redirection on login form

An open redirection and reflected Cross Site Scripting attack (XSS) on the login form and possibly other places where redirects are done.
Read More…

An open redirection when calling a specific url.

By accessing a specific URL, you could get redirected to the site of an attacker
Read More…

XSS using the home_page member property.

Cross Site Scripting using the home_page member property.
Read More…

Sandbox escape

Read More…

Privilege escalation when plone.restapi is installed

Read More…

An open redirection on the login form and possibly other places

Read More…

Password strength checks were not always checked.

Read More…

Privilege escalation for overwriting content

Read More…

SQL injection in DTML or in connection objects

Read More…

XSS in the title field on plone 5.0 and higher.

Read More…

Release Schedule and Release Policy

Timeline of maintenance and support for Plone releases. Last major policy update: 2024-01-15.
Read More…

Plone 5.2.2 released

A bugfix release with many fixes and package version upgrades
Read More…

Plone 5.2.3, Plone 5.1.7 and Plone 4.3.20 released!

Final releases to 4.3 and 5.1 series, along with the latest 5.2.3.
Read More…

Plone 5.2.4 Released!

Check out the latest release to Plone 5.2 series, which includes new features to plone.restapi along with security fixes and other improvements.
Read More…

Plone 5.2.5 Released!

Check out the latest release to Plone 5.2 series, which includes security fixes, Zope updates and other improvements
Read More…

Stored XSS from user fullname

Read More…

Stored XSS from file upload (svg, html)

Read More…

XSS vulnerability in CMFDiffTool

Read More…

Reflected XSS in various spots

Read More…

Writing arbitrary files via docutils and Python Script

Read More…

Information disclosures: mostly installation logs

Read More…

Blind SSRF via feedparser accessing an internal URL

Read More…

Server Side Request Forgery via event ical URL

Read More…

Server Side Request Forgery via lxml parser

Read More…

Remote Code Execution via traversal in expressions with aliases

Read More…
12
About Plone
Try Plone
Download Plone
Plone Releases
Documentation
Training
Security
Roadmap
GitHub
Community
Forum
Chat
Contribute code
Report an issue
News and events
Conference
Join the Plone newsletter
Foundation
Join the foundation
Board
Donate
Sponsors
Code of conduct
Foundation members
Shop
Follow us
Mastodon
Twitter
Instagram
YouTube
Linkedin
Facebook
Privacy Policy
Cookie settings
Plone.org logo
The text and illustrations in this website are licensed by the Plone Foundation under a Creative Commons Attribution-ShareAlike 4.0 International license. Plone and the Plone® logo are registered trademarks of the Plone Foundation, registered in the United States and other countries. For guidelines on the permitted uses of the Plone trademarks, see https://plone.org/foundation/logo. All other trademarks are owned by their respective owners.