Search results
21 results
20151208
20160419
Bypass Restricted Python
A user who can create or edit templates can bypass Restricted Python.
Filesystem information leak
A vulnerability that allows remote attackers to obtain information on files on the server
Header injection
People who can write cookie values in Zope can inject headers
Multiple CSRF Vulnerabilities in Zope
The ZMI is mostly unprotected from CSRF vulnerabilities.
Non-Persistent XSS in Plone
Non-Persistent XSS in Plone
Non-Persistent XSS in Plone
Non-Persistent XSS in Plone
Non-Persistent XSS in Plone
Non-Persistent XSS in Plone
Non-Persistent XSS in Plone forms
Non-Persistent XSS in Plone forms
Non-Persistent XSS in Zope2
Non-Persistent XSS in Zope2
Non-Persistent XSS in Zope2
Non-Persistent XSS in Zope2
Open Redirection in Plone
Open Redirection in Plone
Privilege escalation in Kupu
Privilege escalation in Kupu
Privilege escalation in WebDAV
A missing WebDAV security declaration would allow unauthorized WebDAV access.
Sandbox escape
Sandbox escape
Unauthorized access of site content
Comments on private content were published
Unauthorized copy of site content
A user who is allowed to copy a folder was also able to copy private content in that folder that the user did not have access to.
Unauthorized disclosure of site configuration
Various methods and objects were published that did not need to be, which led to unnecessary disclosure of site configuration.
Unauthorized disclosure of registered user information
A vulnerability that allows attackers to gain information about the users registered to a Plone site
Unauthorized disclosure of site content
A vulnerability that allows attackers to gain information about private site content.