VIR Vulnerability Intelligence Relay

Package impact

python PyPI / plone

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2015-7293 high 8.8 8.8 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. python
CVE-2012-5493 high 8.5 4y ago gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. python
CVE-2012-5487 high 8.5 12y ago The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and e… python
CVE-2011-0720 high 7.5 4y ago Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and… python
CVE-2015-7318 high 7.5 7.5 9y ago Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. python
CVE-2011-2528 high 7.5 15y ago Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privi… python
CVE-2016-4041 high 7.3 7.3 9y ago Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. python