Search results
21 results
Non-Persistent XSS in Plone
Non-Persistent XSS in Plone
Privilege escalation in Kupu
Privilege escalation in Kupu
Header injection
People who can write cookie values in Zope can inject headers
Multiple CSRF Vulnerabilities in Zope
The ZMI is mostly unprotected from CSRF vulnerabilities.
20151208
20151208
Unauthorized disclosure of registered user information
A vulnerability that allows attackers to gain information about the users registered to a Plone site
20160419
20160419
Privilege escalation in WebDAV
A missing WebDAV security declaration would allow unauthorized WebDAV access.
Unauthorized disclosure of site content
A vulnerability that allows attackers to gain information about private site content.
Bypass Restricted Python
A user who can create or edit templates can bypass Restricted Python.
Non-Persistent XSS in Zope2
Non-Persistent XSS in Zope2
Non-Persistent XSS in Plone
Non-Persistent XSS in Plone
Non-Persistent XSS in Plone
Non-Persistent XSS in Plone
Open Redirection in Plone
Open Redirection in Plone
Non-Persistent XSS in Plone forms
Non-Persistent XSS in Plone forms
Filesystem information leak
A vulnerability that allows remote attackers to obtain information on files on the server
Unauthorized copy of site content
A user who is allowed to copy a folder was also able to copy private content contained in that folder that the user did not have access to.
Unauthorized disclosure of site configuration
Various methods and objects were published that did not need to be, which led to unnecessary disclosure of site configuration.
Unauthorized access of site content
Comments on private content were published
Non-Persistent XSS in Zope2
Non-Persistent XSS in Zope2
Sandbox escape
Sandbox escape