Known Vulnerabilities for Plone by Plone
Listed below are 10 of the newest known vulnerabilities associated with "Plone" by "Plone".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23599 | Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATCo... | 6.1 - MEDIUM | 2022-01-28 | 2023-06-27 |
| CVE-2021-33511 | Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plo... | 7.5 - HIGH | 2021-05-21 | 2021-05-24 |
| CVE-2021-33510 | Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a... | 4.3 - MEDIUM | 2021-05-21 | 2021-05-24 |
| CVE-2021-33509 | Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructure... | 9.9 - CRITICAL | 2021-05-21 | 2021-05-24 |
| CVE-2021-33508 | Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. | 5.4 - MEDIUM | 2021-05-21 | 2021-05-24 |
| CVE-2021-33507 | Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other p... | 6.1 - MEDIUM | 2021-05-21 | 2021-05-27 |
| CVE-2021-32633 | Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indi... | 8.8 - HIGH | 2021-05-21 | 2022-04-06 |
| CVE-2021-29002 | A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_t... | 5.4 - MEDIUM | 2021-03-24 | 2021-12-08 |
| CVE-2021-21336 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthServic... | 6.5 - MEDIUM | 2021-03-08 | 2022-06-03 |
| CVE-2021-3313 | Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the fil... | 5.4 - MEDIUM | 2021-05-20 | 2021-05-25 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Plone | Plone | 5.2.3 | All | All | All |
| Application | Plone | Plone | 5.2.2 | All | All | All |
| Application | Plone | Plone | 5.2.1 | All | All | All |
| Application | Plone | Plone | 5.2.0 | All | All | All |
| Application | Plone | Plone | 5.2 | - | All | All |
| Application | Plone | Plone | 5.2 | beta1 | All | All |
| Application | Plone | Plone | 5.2 | rc1 | All | All |
| Application | Plone | Plone | 5.2 | rc4 | All | All |
| Application | Plone | Plone | 5.2 | rc5 | All | All |
| Application | Plone | Plone | 5.1a1 | All | All | All |
| Application | Plone | Plone | 5.1.7 | All | All | All |
| Application | Plone | Plone | 5.1.6 | All | All | All |
| Application | Plone | Plone | 5.1.5 | All | All | All |
| Application | Plone | Plone | 5.1.4 | All | All | All |
| Application | Plone | Plone | 5.1.3 | All | All | All |
| Application | Plone | Plone | 5.1.2 | All | All | All |
| Application | Plone | Plone | 5.1.1 | All | All | All |
| Application | Plone | Plone | 5.1 | a1 | All | All |
| Application | Plone | Plone | 5.1 | a2 | All | All |
| Application | Plone | Plone | 5.1 | b2 | All | All |