Known Vulnerabilities for products from Plone

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Plone".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2024-23055 json		6.1 - MEDIUM	2024-01-25	2024-02-02
CVE-2024-0669 json		7.1 - HIGH	2024-01-18	2024-01-26
CVE-2023-42457 json	plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior...	7.5 - HIGH	2023-09-21	2023-09-25
CVE-2023-41048 json	plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Pr...	5.4 - MEDIUM	2023-09-21	2023-09-26
CVE-2022-24740 json	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	7.5 - HIGH	2022-03-14	2022-03-22
CVE-2022-23599 json	Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATCo...	6.1 - MEDIUM	2022-01-28	2023-06-27
CVE-2021-35959 json	In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder ...	5.4 - MEDIUM	2021-06-30	2021-07-02
CVE-2021-33926 json	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	8.8 - HIGH	2023-02-17	2023-03-02
CVE-2021-33513 json	Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.	5.4 - MEDIUM	2021-05-21	2021-05-24
CVE-2021-33512 json	Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.	5.4 - MEDIUM	2021-05-21	2021-05-24
CVE-2021-33511 json	Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plo...	7.5 - HIGH	2021-05-21	2021-05-24
CVE-2021-33510 json	Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a...	4.3 - MEDIUM	2021-05-21	2021-05-24
CVE-2021-33509 json	Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructure...	9.9 - CRITICAL	2021-05-21	2021-05-24
CVE-2021-33508 json	Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.	5.4 - MEDIUM	2021-05-21	2021-05-24
CVE-2021-33507 json	Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other p...	6.1 - MEDIUM	2021-05-21	2021-05-27
CVE-2021-32806 json	Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 ...	6.1 - MEDIUM	2021-08-02	2021-09-20
CVE-2021-32633 json	Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indi...	8.8 - HIGH	2021-05-21	2022-04-06
CVE-2021-29002 json	A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_t...	5.4 - MEDIUM	2021-03-24	2021-12-08
CVE-2021-21336 json	Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthServic...	6.5 - MEDIUM	2021-03-08	2022-06-03
CVE-2021-3313 json	Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the fil...	5.4 - MEDIUM	2021-05-20	2021-05-25

Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Plone

Type	Vendor	Product	Version
Application	Plone	Plone	1.0