Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.18%
Published
2017-02-24
Updated
2017-02-27
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
Max CVSS
8.8
EPSS Score
0.30%
Published
2017-09-25
Updated
2017-10-06
2 vulnerabilities found