Search results
33 results
Sort by:
Plone 5.2.3, Plone 5.1.7 and Plone 4.3.20 released!
Final releases to 4.3 and 5.1 series, along with the latest 5.2.3.
Plone 5.2.4 Released!
Check out the latest release to Plone 5.2 series, which includes new features to plone.restapi along with security fixes and other improvements.
Plone 5.2.5 Released!
Check out the latest release to Plone 5.2 series, which includes security fixes, Zope updates and other improvements
Privilege escalation for overwriting content
Privilege escalation when plone.restapi is installed
Reflected XSS and Open Redirect in image_view_fullscreen
Reflected XSS in various spots
Release Schedule
Timeline of maintenance and support for Plone releases. Last major policy update: 2024-01-15.
Release schedule link
The Plone Release pages try to point to /download/release-schedule, but it comes out as /release-schedule, so I created a link.
Remote Code Execution via Python Scripts
Remote Code Execution via traversal in expressions part 2
Remote Code Execution via traversal in expressions with aliases
Sandbox escape
Server Side Request Forgery via event ical URL
Server Side Request Forgery via lxml parser
SQL injection in DTML or in connection objects
Stored XSS from file upload (svg, html)
Stored XSS from user fullname
Stored XSS in folder contents
Writing arbitrary files via docutils and Python Script
XSS in the title field on plone 5.0 and higher.
XSS using the home_page member property.
Cross Site Scripting using the home_page member property.