Plone » Plone » 4.0 : Security Vulnerabilities, CVEs, Published In 2011 CVSS score >= 2

cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*

CVE-2011-4462

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Max CVSS
5.0
EPSS Score
1.87%
Published
2011-12-30
Updated
2017-08-29

CVE-2011-4030

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Max CVSS
9.3
EPSS Score
0.77%
Published
2011-10-10
Updated
2011-10-30

CVE-2011-3587

Public exploit
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
Max CVSS
9.3
EPSS Score
96.89%
Published
2011-10-10
Updated
2011-10-21

CVE-2011-2528

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
Max CVSS
7.5
EPSS Score
0.77%
Published
2011-07-19
Updated
2011-07-25

CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Max CVSS
5.5
EPSS Score
0.38%
Published
2011-06-06
Updated
2018-10-09

CVE-2011-1949

Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
Max CVSS
3.5
EPSS Score
0.12%
Published
2011-06-06
Updated
2018-10-09

CVE-2011-1948

Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.29%
Published
2011-06-06
Updated
2023-02-13

CVE-2011-0720

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
Max CVSS
7.5
EPSS Score
1.90%
Published
2011-02-03
Updated
2017-08-17
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close