U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 65 matching records.
Displaying matches 61 through 65.
Vuln ID Summary CVSS Severity
CVE-2011-4462

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Published: December 29, 2011; 8:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-4030

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Published: October 10, 2011; 6:55:06 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-3587

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

Published: October 10, 2011; 6:55:06 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1948

Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: June 06, 2011; 3:55:02 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-0662

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

Published: April 23, 2009; 1:30:01 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.0 MEDIUM