Plone » Plone » 4.2.3 : Security Vulnerabilities, CVEs, Published In 2014 (Information Leak) CVSS score >= 2
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
Max CVSS
5.0
EPSS Score
0.31%
Published
2014-05-02
Updated
2014-06-30
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
Max CVSS
4.3
EPSS Score
0.36%
Published
2014-03-11
Updated
2014-03-12
2 vulnerabilities found