MEDIUM 6.1 PyPI
GHSA-22jm-p2vv-j2hc · CVE-2016-7136, PYSEC-2017-59 Plone XSS
Modified: 10/15/2024
package
PyPI / plone
pkg:pypi/plone
CRITICAL 9.9 PyPI
GHSA-25jh-5h5r-h33m · CVE-2012-5493, PYSEC-2014-35 Plone Sandbox Bypass
Modified: 10/9/2024
HIGH 8.8 PyPI
GHSA-2c8c-84w2-j38j · CVE-2020-28736, PYSEC-2020-248 Improper Restriction of XML External Entity Reference in Plone
Modified: 10/15/2024
MEDIUM 5.3 PyPI
GHSA-2q75-f7cp-w86q · CVE-2012-5500, PYSEC-2014-42 Plone contains Cross-site Request Forgery
Modified: 10/14/2024
MEDIUM 6.5 PyPI
GHSA-2qx8-589j-gcpx · CVE-2011-1950, PYSEC-2011-16 Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
Modified: 11/29/2024
MEDIUM 6.1 PyPI
GHSA-35rg-466w-77h3 · CVE-2021-33507, PYSEC-2021-79 Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone
Modified: 10/18/2024
MEDIUM PyPI
GHSA-38g6-x6jv-jwff · CVE-2021-29002, PYSEC-2021-889 Plone XSS Vulnerability
Modified: 12/3/2024
MEDIUM 6.1 PyPI
GHSA-3g6w-4m7x-97v6 · CVE-2012-5494, PYSEC-2014-36 Plone Cross-site scripting Vulnerability
Modified: 10/9/2024
HIGH 7.5 PyPI
GHSA-3qpr-7rmg-73v8 · CVE-2012-5507, PYSEC-2014-49 Plone and Zope2 affected by Race Condition
Modified: 10/21/2024
CRITICAL 9.1 PyPI
GHSA-3v28-9jjp-4g5w · CVE-2011-0720, PYSEC-2011-13 Plone Privilege Escalation Vulnerability
Modified: 12/4/2024
MEDIUM PyPI
GHSA-46f9-f8jm-mw2x · CVE-2008-4571 Plone Cross-site Scripting vulnerability in the LiveSearch module
Modified: 2/9/2024
MEDIUM 6.1 PyPI
GHSA-4793-w44w-m7xm · CVE-2013-7062, PYSEC-2020-218 Plone Zope cross-site scripting (XSS) vulnerability
Modified: 10/18/2024
HIGH 8.8 PyPI
GHSA-47p5-p3jw-w78w · CVE-2021-33926, PYSEC-2023-289 Server-Side Request Forgery in Plone CMS
Modified: 3/19/2025
HIGH 7.5 PyPI
GHSA-48vv-2pmq-9fvv · CVE-2012-6661, PYSEC-2014-51 Plone and Zope2 do not reseed pseudo-random number generator
Modified: 10/9/2024
HIGH 7.5 PyPI
GHSA-4j3w-g62x-hrcp · CVE-2008-0164, PYSEC-2008-14 Plone Cross-site request forgery (CSRF)
Modified: 5/20/2026
MEDIUM 4.3 PyPI
GHSA-4mg4-wvmx-5332 · CVE-2021-33510, PYSEC-2021-82 Server-Side Request Forgery in Plone
Modified: 10/18/2024
MEDIUM 4.9 PyPI
GHSA-4vr8-r7qr-fpvq · CVE-2013-7061, PYSEC-2014-66 Plone Privilege escalation through exposed underlying API
Modified: 10/15/2024
HIGH 7.5 PyPI
GHSA-56p3-rrp4-2j82 · CVE-2013-4200, PYSEC-2014-64 Plone Open Redirection vulnerability via next parameter
Modified: 10/15/2024
HIGH PyPI
GHSA-593c-j348-f3gv · CVE-2008-1393 Plone Improper Session Management
Modified: 5/19/2024
CRITICAL 9.1 PyPI
GHSA-5hch-v5pq-x4qp · CVE-2006-4247, PYSEC-2006-5 Plone allows anonymous users to reset any users password through the web via Password Reset Tool
Modified: 5/20/2026
MEDIUM 6.1 PyPI
GHSA-5whw-5cmm-9jw4 · CVE-2012-5504, PYSEC-2014-46 Plone Cross-site scripting Vulnerability
Modified: 10/9/2024
HIGH 7.1 PyPI
GHSA-5xfx-55x4-j223 · CVE-2024-0669 Cross-Frame Scripting vulnerability has been found on Plone CMS
Modified: 2/16/2024
MEDIUM 5.3 PyPI
GHSA-683w-84m7-p8pw · CVE-2012-5497, PYSEC-2014-39 Plone User account enumeration via crafted URL
Modified: 10/14/2024
MEDIUM 6.1 PyPI
GHSA-69vh-662j-v988 · CVE-2016-7137, PYSEC-2017-60 Plone Open Redirect Vulnerability
Modified: 10/15/2024
MEDIUM 5.9 PyPI
GHSA-6fgf-x7wg-hp8r · CVE-2013-4193, PYSEC-2014-57 Plone Unrestricted Filed Manipulation vulnerability via content edit forms
Modified: 10/17/2024
MEDIUM 4.9 PyPI
GHSA-6h8x-73fx-q2h9 · CVE-2016-4043, PYSEC-2017-57 Chameleon in Plone allows Authentication Bypass
Modified: 10/18/2024
MEDIUM 5.3 PyPI
GHSA-6w93-4c4p-xv2x · CVE-2012-5492, PYSEC-2014-34 Plone Metadata Disclosure
Modified: 10/9/2024
HIGH 7.5 PyPI
GHSA-77hv-8796-8ccp · CVE-2012-5486, PYSEC-2014-28 HTTP header injection in Plone and Zope2
Modified: 12/1/2024
HIGH 7.5 PyPI
GHSA-79hj-474h-v4xv · CVE-2012-5506, PYSEC-2014-48 Plone denial of service via RSS Feed Request
Modified: 10/14/2024
HIGH 7.2 PyPI
GHSA-7hxc-mwx7-5hmc · CVE-2012-5485, PYSEC-2014-27 Plone Code Injection vulnerability
Modified: 10/14/2024
MEDIUM 6.1 PyPI
GHSA-82j9-wfcf-9v2h · CVE-2020-7936, PYSEC-2020-85 Plone Open Redirect Vulnerability
Modified: 10/18/2024
MEDIUM 6.1 PyPI
GHSA-84jm-cpc5-c7g7 · CVE-2016-7147, PYSEC-2017-64 Plone XSS in Zope ZMI
Modified: 10/18/2024
MEDIUM 5.4 PyPI
GHSA-859j-668v-mrr6 · CVE-2017-1000482, PYSEC-2018-71 Products.CMFPlone XSS in profile home_page property
Modified: 10/18/2024
MEDIUM 6.5 PyPI
GHSA-879r-7f3w-8jj3 · CVE-2012-5489, PYSEC-2014-31 Plone and Zope2 vulnerable to unauthorized access to restricted attributes
Modified: 10/14/2024
MEDIUM 4.7 PyPI
GHSA-89rq-27xp-vgv7 · CVE-2013-4190, PYSEC-2014-54 Plone vulnerable to cross-site scripting
Modified: 4/13/2025
MEDIUM 6.1 PyPI
GHSA-8g72-gq68-6gqh · CVE-2017-1000481, PYSEC-2018-70 Products.CMFPlone Open Redirect Vulnerability
Modified: 10/17/2024
MEDIUM 5.4 PyPI
GHSA-8mc4-2xrc-g582 · CVE-2020-7937, PYSEC-2020-86 Plone cross site scripting (XSS)
Modified: 10/18/2024
HIGH 7.5 PyPI
GHSA-97rj-p794-wq6m · CVE-2012-5498, PYSEC-2014-40 Plone denial of service via Caching Bypass
Modified: 10/14/2024
MEDIUM 5.9 PyPI
GHSA-984m-rj28-8c6x · CVE-2015-7315, PYSEC-2017-52 Plone unauthorized member addition vulnerability
Modified: 10/18/2024
CRITICAL 9.9 PyPI
GHSA-9m4g-f42q-vrrh · CVE-2012-5487, PYSEC-2014-29 Plone Sandbox Bypass
Modified: 10/14/2024
MEDIUM 6.1 PyPI
GHSA-chvw-gjxf-f8mc · CVE-2016-7140, PYSEC-2017-63 Plone vulnerable to Cross-site Scripting
Modified: 10/18/2024
HIGH 8.8 PyPI
GHSA-cjg3-q24h-9qwf · CVE-2020-7938, PYSEC-2020-87 Plone Privilege Escallation
Modified: 10/18/2024
HIGH 7.5 PyPI
GHSA-cq5g-924m-7fxh · CVE-2012-5505, PYSEC-2014-47 Plone Information Disclosure
Modified: 10/14/2024
MEDIUM PyPI
GHSA-cvwc-g7fw-7xrj · CVE-2011-1340 Plone XSS Vulnerability
Modified: 1/19/2024
HIGH 7.5 PyPI
GHSA-cw58-gpgw-hwx2 · CVE-2020-7940, PYSEC-2020-89 Plone allows weak passwords
Modified: 10/14/2024
CRITICAL 9.8 PyPI
GHSA-cxw7-85xm-3xrc · CVE-2012-5488, PYSEC-2014-30 Plone Code Injection vulnerability
Modified: 10/9/2024
MEDIUM 6.5 PyPI
GHSA-f5h9-3hpf-9j8m · CVE-2013-4192, PYSEC-2014-56 Plone is vulnerable to email spoofing
Modified: 10/15/2024
MEDIUM 5.3 PyPI
GHSA-f8pg-wp5j-rjxx · CVE-2012-5491, PYSEC-2014-33 Plone Information Disclosure
Modified: 10/14/2024
MEDIUM 5.4 PyPI
GHSA-fj67-w3m4-rfmp · CVE-2021-33513, PYSEC-2021-85 Cross-site scripting in Plone
Modified: 10/18/2024
HIGH 7.5 PyPI
GHSA-fq9r-8jpm-2222 · CVE-2015-7318, PYSEC-2017-54 Plone Header Injection
Modified: 10/18/2024
HIGH 7.5 PyPI
GHSA-gc9g-67cq-p7v4 · CVE-2021-33511, PYSEC-2021-83 Server-Side Request Forgery in Plone
Modified: 10/18/2024
MEDIUM 4.8 PyPI
GHSA-grwx-4p5v-9g2g · CVE-2013-4191, PYSEC-2014-55 Plone is vulnerable to Information Exposure when generating zip archives
Modified: 10/15/2024
HIGH 7.5 PyPI
GHSA-gx6w-hcw3-5r37 · CVE-2012-5496, PYSEC-2014-38 Plone DoS via Crafted URL
Modified: 10/14/2024
MEDIUM 5.4 PyPI
GHSA-h6hq-c896-w882 · CVE-2011-1949, PYSEC-2011-15 Plone Cross-site Scripting vulnerability
Modified: 10/14/2024
CRITICAL 9.8 PyPI
GHSA-hf26-vvmx-x8c8 · CVE-2007-5741, PYSEC-2007-4 Plone Arbitrary Code Execution via Unsafe Handling of Pickles
Modified: 11/26/2024
HIGH 8.8 PyPI
GHSA-hhmf-7rgg-gcw5 · CVE-2020-7939, PYSEC-2020-88 Plone SQL Injection Vulnerability
Modified: 10/15/2024
MEDIUM PyPI
GHSA-hjp5-hv33-q58g · CVE-2008-1396 Plone credentials stored in session cookie
Modified: 11/8/2023
MEDIUM 5.4 PyPI
GHSA-hm2h-f456-6j88 · CVE-2021-33512, PYSEC-2021-84 Cross-site scripting in Plone
Modified: 10/21/2024
CRITICAL 9.9 PyPI
GHSA-hm2p-fhwx-9285 · CVE-2021-33509, PYSEC-2021-81 Incorrect Permission Assignment for Critical Resource in Plone
Modified: 10/18/2024
MEDIUM 6.1 PyPI
GHSA-hprr-4vfq-fcxw · CVE-2021-3313, PYSEC-2021-78 Plone XSS in User Fullname Property and File Upload
Modified: 10/15/2024
MEDIUM 6.1 PyPI
GHSA-hr59-35cr-qf43 · CVE-2012-5502, PYSEC-2014-44 Plone Cross-site scripting Vulnerability
Modified: 10/9/2024
MEDIUM 4.7 PyPI
GHSA-j67j-8hrp-76xm · CVE-2013-4195, PYSEC-2014-59 Plone Multiple open redirect vulnerabilities
Modified: 10/18/2024
MEDIUM PyPI
GHSA-jcwh-rj6j-vm75 · CVE-2006-1711 Plone allows remote users to modify arbitrary portraits
Modified: 2/12/2024
HIGH 8.1 PyPI
GHSA-jjvw-3h9j-p7jf · CVE-2013-4197, PYSEC-2014-61 Plone Improper Access Control Vulnerability
Modified: 10/15/2024
MEDIUM 4.9 PyPI
GHSA-m7f9-65wr-pwch · CVE-2016-7135, PYSEC-2017-58 Plone vulnerable to filesystem information leak
Modified: 10/18/2024
LOW 3.7 PyPI
GHSA-mm32-jw73-9227 · CVE-2013-4194, PYSEC-2014-58 Plone is vulnerable to File System Path Exposure
Modified: 10/18/2024
HIGH PyPI
GHSA-mq3q-jjph-rp5p · CVE-2008-1394 Plone CMS Improper Session Management
Modified: 5/19/2024
HIGH 8.8 PyPI
GHSA-p3qm-44cf-f8qx · CVE-2015-7293, PYSEC-2017-51 Plone vulnerable to cross-site request forgery
Modified: 10/18/2024
MEDIUM 4.3 PyPI
GHSA-p5wr-vp8g-q5p4 · CVE-2017-5524, PYSEC-2017-81 Plone Sandbox Escape
Modified: 10/18/2024
HIGH PyPI
GHSA-p6h9-hpcg-c6gm · CVE-2011-2528, PYSEC-2011-25 High severity vulnerability that affects Plone and Zope2
Modified: 5/20/2026
MEDIUM 6.1 PyPI
GHSA-p7h9-vf92-5fj5 · CVE-2011-1948, PYSEC-2011-14 Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
Modified: 10/14/2024
HIGH 7.5 PyPI
GHSA-pcwm-8jc3-qxvj · CVE-2011-4462, PYSEC-2011-22 Plone Denial of Service vulnerability
Modified: 10/14/2024
MEDIUM 6.1 PyPI
GHSA-pp4c-2692-7f37 · CVE-2016-7139, PYSEC-2017-62 Plone Cross-site Scripting (XSS) vulnerability
Modified: 10/15/2024
HIGH 7.5 PyPI
GHSA-prr5-pfr8-q9f3 · CVE-2012-5503, PYSEC-2014-45 Plone allows remote attackers to read hidden folder contents
Modified: 12/4/2024
HIGH 7.5 PyPI
GHSA-pvhv-qwc8-r2pg · CVE-2012-5501, PYSEC-2014-43 Plone Arbitrary File Read
Modified: 11/29/2024
HIGH PyPI
GHSA-pwgm-jvqv-6v8p · CVE-2011-4030 Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
Modified: 12/3/2024
MEDIUM 4.9 PyPI
GHSA-pwpq-632g-h49g · CVE-2013-4189, PYSEC-2014-53 Plone Privilege escalation due improper authorization
Modified: 4/13/2025
MEDIUM 6.1 PyPI
GHSA-q46g-v7r4-9vhr · CVE-2012-5490, PYSEC-2014-32 Plone Cross-site scripting Vulnerability
Modified: 10/9/2024
MEDIUM 6.5 PyPI
GHSA-qc57-h2f7-p4hx · CVE-2017-1000483, PYSEC-2018-72 Plone Unauthorized Access Vulnerability
Modified: 10/18/2024
MEDIUM 6.1 PyPI
GHSA-qfhw-fv3g-v836 · CVE-2021-35959, PYSEC-2021-110 Plone has stored XSS in folder contents
Modified: 10/18/2024
MEDIUM 6.1 PyPI
GHSA-qj7x-wm9q-qjx8 · CVE-2010-2422, PYSEC-2010-19 Plone Cross-site Scripting vulnerability in PortalTransforms
Modified: 10/14/2024
MEDIUM 4.3 PyPI
GHSA-qjxf-6pr8-j87v · CVE-2013-4198, PYSEC-2014-62 Plone's authenticated users able to alter their password despite of policy definition
Modified: 10/18/2024
MEDIUM 5.3 PyPI
GHSA-qphh-5fv5-2mjj · CVE-2013-4196, PYSEC-2014-60 Plone is vulnerable to information exposure via the object manager implementation
Modified: 10/18/2024
HIGH 7.3 PyPI
GHSA-qqgj-22gr-73vx · CVE-2016-4041, PYSEC-2017-55 Plone vulnerable to privilege escalation in WebDAV
Modified: 11/28/2024
MEDIUM 5.9 PyPI
GHSA-r7j4-82xw-8m9p · CVE-2006-4249, PYSEC-2006-10 Plone allows a user to masquerade as a group
Modified: 5/20/2026
MEDIUM 5.3 PyPI
GHSA-rg52-j87w-pf83 · CVE-2013-7060, PYSEC-2014-65 Plone Filesystem path information leak
Modified: 10/15/2024
MEDIUM 5.4 PyPI
GHSA-rmpv-rcp6-v8wc · CVE-2021-33508, PYSEC-2021-80 Cross-site scripting in Plone
Modified: 10/18/2024
MEDIUM 6.1 PyPI
GHSA-v3hp-f8qr-cf3p · CVE-2016-7138, PYSEC-2017-61 Plone XSS
Modified: 10/18/2024
MEDIUM 5.3 PyPI
GHSA-v4vj-49m5-wjhw · CVE-2016-4042, PYSEC-2017-56 Plone vulnerable to unauthorized disclosure of site content
Modified: 10/18/2024
MEDIUM 6.1 PyPI
GHSA-vf8g-m3vq-6p4p · CVE-2015-7316, PYSEC-2017-53 Plone Cross-site Scripting Vulnerability
Modified: 10/18/2024
MEDIUM 4.4 PyPI
GHSA-w3pw-qxjj-6prr · CVE-2013-4188, PYSEC-2014-52 Plone Authenticated Denial of Service vulnerability
Modified: 10/15/2024
CRITICAL 9.8 PyPI
GHSA-w6g9-xccc-347h · CVE-2020-7941, PYSEC-2020-90 Plone Unauthenticated Write Vulnerability
Modified: 10/18/2024
CRITICAL 9.8 PyPI
GHSA-w6pw-5gh5-4952 · CVE-2012-5495, PYSEC-2014-37 Plone python code injection
Modified: 10/14/2024
MEDIUM 5.3 PyPI
GHSA-wprr-mc54-c62q · CVE-2012-5508, PYSEC-2014-50 Exposure of Sensitive Information in Plone
Modified: 10/14/2024
HIGH 8.8 PyPI
GHSA-wq6x-g685-w5f2 · CVE-2020-28734, PYSEC-2020-246 Improper Restriction of XML External Entity Reference in Plone
Modified: 10/17/2024
HIGH 7.5 PyPI
GHSA-wrf2-2rch-cmr9 · CVE-2012-5499, PYSEC-2014-41 Plone is vulnerable to denial of service
Modified: 10/14/2024
HIGH 8.8 PyPI
GHSA-x7wf-5mjc-6x76 · CVE-2020-28735, PYSEC-2020-247 SSRF attacks via tracebacks in Plone
Modified: 10/15/2024
LOW 3.1 PyPI
GHSA-xfjq-9rxq-ph6m · CVE-2013-4199, PYSEC-2014-63 Plone Denial of Service vulnerability via decompressing large zip archives
Modified: 10/17/2024
MEDIUM 5.5 PyPI
GHSA-xg5p-8wg5-rhxm · CVE-2024-22889 Phone information disclosure vulnerability
Modified: 10/31/2024
MEDIUM 6.1 PyPI
GHSA-xvwv-6wvx-px9x · CVE-2017-1000484, PYSEC-2018-73 Plone Open Redirect
Modified: 10/18/2024