cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
Max CVSS: 5.0
EPSS Score: 0.36%
Published: 2014-09-30
Updated: 2014-10-02
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
Max CVSS: 5.0
EPSS Score: 0.53%
Published: 2014-09-30
Updated: 2023-02-13
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
Max CVSS: 5.0
EPSS Score: 0.36%
Published: 2014-09-30
Updated: 2014-10-01
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
Max CVSS: 4.3
EPSS Score: 0.36%
Published: 2014-09-30
Updated: 2014-10-01
4 vulnerabilities found