Search results
33 results
Privilege escalation when plone.restapi is installed
SQL injection in DTML or in connection objects
XSS in the title field on Plone 5.0 and higher.
Privilege escalation for overwriting content
An open redirection on the login form and possibly other places
Password strength checks were not always performed.
Open redirection on login form
An open redirection and reflected Cross Site Scripting attack (XSS) on the login form and possibly other places where redirects are done.
An open redirection when calling a specific URL.
By accessing a specific URL, you could get redirected to the site of an attacker.
XSS using the home_page member property.
Cross Site Scripting using the home_page member property.
Sandbox escape
Release schedule link
The Plone Release pages try to point to /download/release-schedule, but it comes out as /release-schedule, so I created a link.
20230921
Denial of Service in plone.rest
Denial of Service when ++api++ is used many times.