Search results

34 results

Open redirection on login form

An open redirection and reflected Cross Site Scripting attack (XSS) on the login form and possibly other places where redirects are done.

An open redirection when calling a specific url.

By accessing a specific URL, you could get redirected to the site of an attacker

XSS using the home_page member property.

Cross Site Scripting using the home_page member property.

Sandbox escape

Privilege escalation when plone.restapi is installed

An open redirection on the login form and possibly other places

Password strength checks were not always checked.

Privilege escalation for overwriting content

SQL injection in DTML or in connection objects

XSS in the title field on plone 5.0 and higher.

Release Schedule and Release Policy

Timeline of maintenance and support for Plone releases. Last major policy update: 2024-01-15.

Plone 5.2.2 released

A bugfix release with many fixes and package version upgrades

Plone 5.2.3, Plone 5.1.7 and Plone 4.3.20 released!

Final releases to 4.3 and 5.1 series, along with the latest 5.2.3.

Plone 5.2.4 Released!

Check out the latest release to Plone 5.2 series, which includes new features to plone.restapi along with security fixes and other improvements.

Plone 5.2.5 Released!

Check out the latest release to Plone 5.2 series, which includes security fixes, Zope updates and other improvements

Stored XSS from user fullname

Stored XSS from file upload (svg, html)

XSS vulnerability in CMFDiffTool

Reflected XSS in various spots

Writing arbitrary files via docutils and Python Script

Information disclosures: mostly installation logs

Blind SSRF via feedparser accessing an internal URL

Server Side Request Forgery via event ical URL

Server Side Request Forgery via lxml parser

Remote Code Execution via traversal in expressions with aliases