| Vulnerability Name |
CVE
CWE
|
CWE |
Severity |
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7136)
|
CVE-2016-7136
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7138)
|
CVE-2016-7138
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7139)
|
CVE-2016-7139
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7140)
|
CVE-2016-7140
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7147)
|
CVE-2016-7147
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1000482)
|
CVE-2017-1000482
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7937)
|
CVE-2020-7937
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3313)
|
CVE-2021-3313
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29002)
|
CVE-2021-29002
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33507)
|
CVE-2021-33507
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33508)
|
CVE-2021-33508
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33512)
|
CVE-2021-33512
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33513)
|
CVE-2021-33513
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35959)
|
CVE-2021-35959
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23599)
|
CVE-2022-23599
CWE-707
|
CWE-707
|
Medium
|
|
Plone CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-7939)
|
CVE-2020-7939
CWE-138
|
CWE-138
|
High
|
|
Plone CMS Improper Privilege Management Vulnerability (CVE-2020-7938)
|
CVE-2020-7938
CWE-269
|
CWE-269
|
High
|
|
Plone CMS Improper Privilege Management Vulnerability (CVE-2020-7941)
|
CVE-2020-7941
CWE-269
|
CWE-269
|
Critical
|
|
Plone CMS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2024-0669)
|
CVE-2024-0669
CWE-1021
|
CWE-1021
|
High
|
|
Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28734)
|
CVE-2020-28734
CWE-611
|
CWE-611
|
High
|
|
Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28736)
|
CVE-2020-28736
CWE-611
|
CWE-611
|
High
|
|
Plone CMS Incorrect Default Permissions Vulnerability (CVE-2024-22889)
|
CVE-2024-22889
CWE-276
|
CWE-276
|
High
|
|
Plone CMS Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-33509)
|
CVE-2021-33509
CWE-732
|
CWE-732
|
Critical
|
|
Plone CMS Missing Authentication for Critical Function Vulnerability (CVE-2020-35190)
|
CVE-2020-35190
CWE-306
|
CWE-306
|
Critical
|
|
Plone CMS Other Vulnerability (CVE-2006-1711)
|
CVE-2006-1711
|
|
Medium
|
|
Plone CMS Other Vulnerability (CVE-2006-4247)
|
CVE-2006-4247
|
|
Medium
|
|
Plone CMS Other Vulnerability (CVE-2006-4249)
|
CVE-2006-4249
|
|
Medium
|
|
Plone CMS Other Vulnerability (CVE-2012-5486)
|
CVE-2012-5486
|
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1950)
|
CVE-2011-1950
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4030)
|
CVE-2011-4030
CWE-264
|
CWE-264
|
Critical
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5487)
|
CVE-2012-5487
CWE-264
|
CWE-264
|
High
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5489)
|
CVE-2012-5489
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5498)
|
CVE-2012-5498
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5501)
|
CVE-2012-5501
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4191)
|
CVE-2013-4191
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4193)
|
CVE-2013-4193
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4196)
|
CVE-2013-4196
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4198)
|
CVE-2013-4198
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4200)
|
CVE-2013-4200
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7061)
|
CVE-2013-7061
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7317)
|
CVE-2015-7317
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4041)
|
CVE-2016-4041
CWE-264
|
CWE-264
|
High
|
|
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4043)
|
CVE-2016-4043
CWE-264
|
CWE-264
|
Medium
|
|
Plone CMS Resource Management Errors Vulnerability (CVE-2012-5496)
|
CVE-2012-5496
|
|
Medium
|
|
Plone CMS Resource Management Errors Vulnerability (CVE-2012-5499)
|
CVE-2012-5499
|
|
Medium
|
|
Plone CMS Resource Management Errors Vulnerability (CVE-2012-5506)
|
CVE-2012-5506
|
|
Medium
|
|
Plone CMS Resource Management Errors Vulnerability (CVE-2013-4188)
|
CVE-2013-4188
|
|
Medium
|
|
Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-28735)
|
CVE-2020-28735
CWE-918
|
CWE-918
|
High
|
|
Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33510)
|
CVE-2021-33510
CWE-918
|
CWE-918
|
Medium
|
|
Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33511)
|
CVE-2021-33511
CWE-918
|
CWE-918
|
High
|
|
Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33926)
|
CVE-2021-33926
CWE-918
|
CWE-918
|
High
|
|
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)
|
CVE-2016-7137
CWE-601
|
CWE-601
|
Medium
|
|
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000481)
|
CVE-2017-1000481
CWE-601
|
CWE-601
|
Medium
|
|
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000484)
|
CVE-2017-1000484
CWE-601
|
CWE-601
|
Medium
|
|
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-7936)
|
CVE-2020-7936
CWE-601
|
CWE-601
|
Medium
|
|
Plone CMS Use of Externally-Controlled Format String Vulnerability (CVE-2017-5524)
|
CVE-2017-5524
CWE-134
|
CWE-134
|
Medium
|
|
Plone CMS Weak Password Requirements Vulnerability (CVE-2020-7940)
|
CVE-2020-7940
CWE-521
|
CWE-521
|
High
|
|
Plupload Cross-site Scripting (XSS) Vulnerability (CVE-2016-4566)
|
CVE-2016-4566
|
|
Medium
|
|
PmWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4453)
|
CVE-2011-4453
CWE-94
|
CWE-94
|
High
|
|
PmWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1481)
|
CVE-2010-1481
CWE-707
|
CWE-707
|
Low
|
|
PmWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4662)
|
CVE-2010-4662
CWE-707
|
CWE-707
|
Medium
|
|
PmWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4748)
|
CVE-2010-4748
CWE-707
|
CWE-707
|
Medium
|
|
PmWiki Other Vulnerability (CVE-2005-3849)
|
CVE-2005-3849
|
|
Medium
|
|
PmWiki Other Vulnerability (CVE-2006-2840)
|
CVE-2006-2840
|
|
Medium
|
|
PmWiki Other Vulnerability (CVE-2006-4453)
|
CVE-2006-4453
|
|
Medium
|
|
Podcast Generator Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20121)
|
CVE-2018-20121
CWE-707
|
CWE-707
|
Medium
|
|
Polyfill.io Supply Chain Attack
|
|
|
High
|
|
Possible cross site scripting via Host header
|
CWE-79
|
CWE-79
|
High
|
|
Possible CSRF (Cross-site request forgery)
|
CWE-352
|
CWE-352
|
Low
|
|
Possible database backup
|
CWE-538
|
CWE-538
|
High
|
|
Possible Database Name Disclosure
|
CWE-200
|
CWE-200
|
Low
|
|
Possible sensitive directories
|
CWE-200
|
CWE-200
|
Low
|
|
Possible sensitive files
|
CWE-200
|
CWE-200
|
Low
|
|
Possible SQL Statement in comment
|
CWE-200
|
CWE-200
|
Low
|
|
Possible username or password disclosure
|
CWE-200
|
CWE-200
|
Low
|
