cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-05-21
Updated
2021-05-24
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-05-21
Updated
2021-05-24
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-05-21
Updated
2021-05-24
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-05-21
Updated
2021-05-27
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.
Max CVSS
5.4
EPSS Score
0.08%
Published
2021-05-20
Updated
2021-05-25
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
Max CVSS
5.4
EPSS Score
0.05%
Published
2018-01-03
Updated
2018-01-17
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-03-11
Updated
2014-03-12
Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-09-30
Updated
2014-10-01
Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
3.5
EPSS Score
0.10%
Published
2014-09-30
Updated
2014-10-01
Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-09-30
Updated
2014-10-01
Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-09-30
Updated
2014-10-01
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
Max CVSS
3.5
EPSS Score
0.12%
Published
2011-06-06
Updated
2018-10-09
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.29%
Published
2011-06-06
Updated
2023-02-13
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.
Max CVSS
4.3
EPSS Score
0.14%
Published
2010-06-24
Updated
2010-06-24
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!