Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
Max CVSS
5.3
EPSS Score
0.17%
Published
2017-02-24
Updated
2017-02-27
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
Max CVSS
5.0
EPSS Score
0.31%
Published
2014-05-02
Updated
2014-06-30
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
Max CVSS
4.3
EPSS Score
0.36%
Published
2014-03-11
Updated
2014-03-12
3 vulnerabilities found