Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1,…

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2)…

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other …

Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 a…

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username …

queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass c…

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allow…

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execut…

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta …

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause …

Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to in…

The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x t…

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the p…

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users …

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Pyth…

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a bl…

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the abilit…

membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enume…

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to exe…

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keywor…

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used i…

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.…

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not…

Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can…

Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) …

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with cert…

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 …

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for…

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and …

Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execut…

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause …

kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of ser…

Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 al…

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x th…

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x t…

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x throu…

z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to condu…

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties…

The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain ra…