cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
Max CVSS: 5.0 | EPSS Score: 0.31% | Published: 2014-05-02 | Updated: 2014-06-30
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
Max CVSS: 4.3 | EPSS Score: 0.36% | Published: 2014-03-11 | Updated: 2014-03-12
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
Max CVSS: 5.0 | EPSS Score: 0.74% | Published: 2014-11-03 | Updated: 2023-02-13
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
Max CVSS: 5.0 | EPSS Score: 0.36% | Published: 2014-09-30 | Updated: 2014-10-02
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
Max CVSS: 5.0 | EPSS Score: 0.53% | Published: 2014-09-30 | Updated: 2023-02-13
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
Max CVSS: 5.0 | EPSS Score: 0.36% | Published: 2014-09-30 | Updated: 2014-10-01
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
Max CVSS: 4.3 | EPSS Score: 0.36% | Published: 2014-09-30 | Updated: 2014-10-01
7 vulnerabilities found