Information disclosures: mostly installation logs
Stored XSS from file upload (svg, html)
Reflected XSS in various spots
XSS vulnerability in CMFDiffTool
Stored XSS from user fullname
Blind SSRF via feedparser accessing an internal URL
Server Side Request Forgery via event ical URL
Server Side Request Forgery via lxml parser
Stored XSS in folder contents
Remote Code Execution via Python Scripts
Privilege escalation when plone.restapi is installed
SQL injection in DTML or in connection objects
XSS in the title field on Plone 5.0 and higher.
Privilege escalation for overwriting content
An open redirection on the login form and possibly other places
Password strength checks were not always enforced.
Open redirection on login form
An open redirection and reflected Cross Site Scripting attack (XSS) on the login form and possibly other places where redirects are done.
An open redirection when calling a specific URL.
By accessing a specific URL, you could get redirected to the site of an attacker
XSS using the home_page member property.
Cross Site Scripting using the home_page member property.
Sandbox escape
Release schedule link
The Plone Release pages try to point to /download/release-schedule, but it comes out as /release-schedule, so I created a link.
20230921
Denial of Service in plone.rest
Denial of Service when ++api++ is used many times.