cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
Max CVSS: 5.3 | Published: 2017-02-24 | Updated: 2017-02-27 | EPSS: 0.17%
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
Max CVSS: 5.0 | Published: 2014-05-02 | Updated: 2014-06-30 | EPSS: 0.31%
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
Max CVSS: 4.3 | Published: 2014-03-11 | Updated: 2014-03-12 | EPSS: 0.36%
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
Max CVSS: 5.0 | Published: 2014-11-03 | Updated: 2023-02-13 | EPSS: 0.74%
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
Max CVSS: 5.0 | Published: 2014-09-30 | Updated: 2014-10-02 | EPSS: 0.36%
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
Max CVSS: 5.0 | Published: 2014-09-30 | Updated: 2023-02-13 | EPSS: 0.53%
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
Max CVSS: 5.0 | Published: 2014-09-30 | Updated: 2014-10-01 | EPSS: 0.36%
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
Max CVSS: 4.3 | Published: 2014-09-30 | Updated: 2014-10-01 | EPSS: 0.36%
8 vulnerabilities found