python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.
Max CVSS: 5.0 | EPSS Score: 0.87% | Published: 2014-09-30 | Updated: 2014-10-02
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
Max CVSS: 5.0 | EPSS Score: 1.28% | Published: 2014-09-30 | Updated: 2023-02-13
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
Max CVSS: 5.0 | EPSS Score: 2.03% | Published: 2014-09-30 | Updated: 2023-02-13
kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.
Max CVSS: 5.0 | EPSS Score: 0.87% | Published: 2014-09-30 | Updated: 2014-10-02
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Max CVSS: 5.0 | EPSS Score: 1.87% | Published: 2011-12-30 | Updated: 2017-08-29
5 vulnerabilities found