U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 45 matching records.
Displaying matches 41 through 45.
Vuln ID Summary CVSS Severity
CVE-2011-4462

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Published: December 29, 2011; 8:55:01 PM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2011-1340

Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.

Published: August 05, 2011; 5:55:01 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2011-1948

Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: June 06, 2011; 3:55:02 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2009-0662

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

Published: April 23, 2009; 1:30:01 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 6.0 MEDIUM
CVE-2008-4571

Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.

Published: October 15, 2008; 4:00:03 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.3 MEDIUM