Search results

25 results

Blind SSRF via feedparser accessing an internal URL

Server Side Request Forgery via event ical URL

Server Side Request Forgery via lxml parser

Stored XSS in folder contents

Remote Code Execution via Python Scripts

Privilege escalation when plone.restapi is installed

SQL injection in DTML or in connection objects

XSS in the title field on plone 5.0 and higher.

Privilege escalation for overwriting content

An open redirection on the login form and possibly other places

Password strength checks were not always checked.

Open redirection on login form

An open redirection and reflected Cross Site Scripting attack (XSS) on the login form and possibly other places where redirects are done.

An open redirection when calling a specific url.

By accessing a specific URL, you could get redirected to the site of an attacker

XSS using the home_page member property.

Cross Site Scripting using the home_page member property.

Sandbox escape