Medium Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5508)	CVE-2012-5508 CWE-200	CWE-200	Medium
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4194)	CVE-2013-4194 CWE-200	CWE-200	Medium
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-7060)	CVE-2013-7060 CWE-200	CWE-200	Medium
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-4042)	CVE-2016-4042 CWE-200	CWE-200	Medium
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)	CVE-2021-21336 CWE-200	CWE-200	Medium
Plone CMS Improper Access Control Vulnerability (CVE-2015-7315)	CVE-2015-7315 CWE-284	CWE-284	Medium
Plone CMS Improper Authentication Vulnerability (CVE-2009-0662)	CVE-2009-0662 CWE-287	CWE-287	Medium
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5485)	CVE-2012-5485 CWE-94	CWE-94	Medium
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5488)	CVE-2012-5488 CWE-94	CWE-94	Medium
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5495)	CVE-2012-5495 CWE-94	CWE-94	Medium
Plone CMS Improper Input Validation Vulnerability (CVE-2011-4462)	CVE-2011-4462 CWE-20	CWE-20	Medium
Plone CMS Improper Input Validation Vulnerability (CVE-2013-4192)	CVE-2013-4192 CWE-20	CWE-20	Medium
Plone CMS Improper Input Validation Vulnerability (CVE-2013-4195)	CVE-2013-4195 CWE-20	CWE-20	Medium
Plone CMS Improper Input Validation Vulnerability (CVE-2013-4197)	CVE-2013-4197 CWE-20	CWE-20	Medium
Plone CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-7135)	CVE-2016-7135 CWE-22	CWE-22	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4571)	CVE-2008-4571 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-2422)	CVE-2010-2422 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1340)	CVE-2011-1340 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1948)	CVE-2011-1948 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5490)	CVE-2012-5490 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5494)	CVE-2012-5494 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5504)	CVE-2012-5504 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4190)	CVE-2013-4190 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7062)	CVE-2013-7062 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7316)	CVE-2015-7316 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7136)	CVE-2016-7136 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7138)	CVE-2016-7138 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7139)	CVE-2016-7139 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7140)	CVE-2016-7140 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7147)	CVE-2016-7147 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1000482)	CVE-2017-1000482 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7937)	CVE-2020-7937 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3313)	CVE-2021-3313 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29002)	CVE-2021-29002 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33507)	CVE-2021-33507 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33508)	CVE-2021-33508 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33512)	CVE-2021-33512 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33513)	CVE-2021-33513 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35959)	CVE-2021-35959 CWE-707	CWE-707	Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23599)	CVE-2022-23599 CWE-707	CWE-707	Medium
Plone CMS Other Vulnerability (CVE-2006-1711)	CVE-2006-1711		Medium
Plone CMS Other Vulnerability (CVE-2006-4247)	CVE-2006-4247		Medium
Plone CMS Other Vulnerability (CVE-2006-4249)	CVE-2006-4249		Medium
Plone CMS Other Vulnerability (CVE-2012-5486)	CVE-2012-5486		Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1950)	CVE-2011-1950 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5489)	CVE-2012-5489 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5498)	CVE-2012-5498 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5501)	CVE-2012-5501 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4191)	CVE-2013-4191 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4193)	CVE-2013-4193 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4196)	CVE-2013-4196 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4198)	CVE-2013-4198 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4200)	CVE-2013-4200 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7061)	CVE-2013-7061 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7317)	CVE-2015-7317 CWE-264	CWE-264	Medium
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4043)	CVE-2016-4043 CWE-264	CWE-264	Medium
Plone CMS Resource Management Errors Vulnerability (CVE-2012-5496)	CVE-2012-5496		Medium
Plone CMS Resource Management Errors Vulnerability (CVE-2012-5499)	CVE-2012-5499		Medium
Plone CMS Resource Management Errors Vulnerability (CVE-2012-5506)	CVE-2012-5506		Medium
Plone CMS Resource Management Errors Vulnerability (CVE-2013-4188)	CVE-2013-4188		Medium
Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33510)	CVE-2021-33510 CWE-918	CWE-918	Medium
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)	CVE-2016-7137 CWE-601	CWE-601	Medium
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000481)	CVE-2017-1000481 CWE-601	CWE-601	Medium
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000484)	CVE-2017-1000484 CWE-601	CWE-601	Medium
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-7936)	CVE-2020-7936 CWE-601	CWE-601	Medium
Plone CMS Use of Externally-Controlled Format String Vulnerability (CVE-2017-5524)	CVE-2017-5524 CWE-134	CWE-134	Medium
Plupload Cross-site Scripting (XSS) Vulnerability (CVE-2016-4566)	CVE-2016-4566		Medium
PmWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4662)	CVE-2010-4662 CWE-707	CWE-707	Medium
PmWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4748)	CVE-2010-4748 CWE-707	CWE-707	Medium
PmWiki Other Vulnerability (CVE-2005-3849)	CVE-2005-3849		Medium
PmWiki Other Vulnerability (CVE-2006-2840)	CVE-2006-2840		Medium
PmWiki Other Vulnerability (CVE-2006-4453)	CVE-2006-4453		Medium
Podcast Generator Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20121)	CVE-2018-20121 CWE-707	CWE-707	Medium
PostgreSQL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-0062)	CVE-2014-0062 CWE-362	CWE-362	Medium
PostgreSQL Cryptographic Issues Vulnerability (CVE-2009-4034)	CVE-2009-4034		Medium

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5508)

CVE-2012-5508

CWE-200

Medium

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4194)

CVE-2013-4194

CWE-200

Medium

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-7060)

CVE-2013-7060

CWE-200

Medium

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-4042)

CVE-2016-4042

CWE-200

Medium

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

CVE-2021-21336

CWE-200

Medium

Plone CMS Improper Access Control Vulnerability (CVE-2015-7315)

CVE-2015-7315

CWE-284

Medium

Plone CMS Improper Authentication Vulnerability (CVE-2009-0662)

CVE-2009-0662

CWE-287

Medium

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5485)

CVE-2012-5485

CWE-94

Medium

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5488)

CVE-2012-5488

CWE-94

Medium

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5495)

CVE-2012-5495

CWE-94

Medium

Plone CMS Improper Input Validation Vulnerability (CVE-2011-4462)

CVE-2011-4462

CWE-20

Medium

Plone CMS Improper Input Validation Vulnerability (CVE-2013-4192)

CVE-2013-4192

CWE-20

Medium

Plone CMS Improper Input Validation Vulnerability (CVE-2013-4195)

CVE-2013-4195

CWE-20

Medium

Plone CMS Improper Input Validation Vulnerability (CVE-2013-4197)

CVE-2013-4197

CWE-20

Medium

Plone CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-7135)

CVE-2016-7135

CWE-22

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4571)

CVE-2008-4571

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-2422)

CVE-2010-2422

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1340)

CVE-2011-1340

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1948)

CVE-2011-1948

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5490)

CVE-2012-5490

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5494)

CVE-2012-5494

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5504)

CVE-2012-5504

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4190)

CVE-2013-4190

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7062)

CVE-2013-7062

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7316)

CVE-2015-7316

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7136)

CVE-2016-7136

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7138)

CVE-2016-7138

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7139)

CVE-2016-7139

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7140)

CVE-2016-7140

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7147)

CVE-2016-7147

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1000482)

CVE-2017-1000482

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7937)

CVE-2020-7937

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3313)

CVE-2021-3313

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29002)

CVE-2021-29002

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33507)

CVE-2021-33507

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33508)

CVE-2021-33508

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33512)

CVE-2021-33512

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33513)

CVE-2021-33513

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35959)

CVE-2021-35959

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23599)

CVE-2022-23599

CWE-707

Medium

Plone CMS Other Vulnerability (CVE-2006-1711)

CVE-2006-1711

Medium

Plone CMS Other Vulnerability (CVE-2006-4247)

CVE-2006-4247

Medium

Plone CMS Other Vulnerability (CVE-2006-4249)

CVE-2006-4249

Medium

Plone CMS Other Vulnerability (CVE-2012-5486)

CVE-2012-5486

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1950)

CVE-2011-1950

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5489)

CVE-2012-5489

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5498)

CVE-2012-5498

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5501)

CVE-2012-5501

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4191)

CVE-2013-4191

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4193)

CVE-2013-4193

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4196)

CVE-2013-4196

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4198)

CVE-2013-4198

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4200)

CVE-2013-4200

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7061)

CVE-2013-7061

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7317)

CVE-2015-7317

CWE-264

Medium

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4043)

CVE-2016-4043

CWE-264

Medium

Plone CMS Resource Management Errors Vulnerability (CVE-2012-5496)

CVE-2012-5496

Medium

Plone CMS Resource Management Errors Vulnerability (CVE-2012-5499)

CVE-2012-5499

Medium

Plone CMS Resource Management Errors Vulnerability (CVE-2012-5506)

CVE-2012-5506

Medium

Plone CMS Resource Management Errors Vulnerability (CVE-2013-4188)

CVE-2013-4188

Medium

Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33510)

CVE-2021-33510

CWE-918

Medium

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)

CVE-2016-7137

CWE-601

Medium

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000481)

CVE-2017-1000481

CWE-601

Medium

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000484)

CVE-2017-1000484

CWE-601

Medium

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-7936)

CVE-2020-7936

CWE-601

Medium

Plone CMS Use of Externally-Controlled Format String Vulnerability (CVE-2017-5524)

CVE-2017-5524

CWE-134

Medium

Plupload Cross-site Scripting (XSS) Vulnerability (CVE-2016-4566)

CVE-2016-4566

Medium

PmWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4662)

CVE-2010-4662

CWE-707

Medium

PmWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4748)

CVE-2010-4748

CWE-707

Medium

PmWiki Other Vulnerability (CVE-2005-3849)

CVE-2005-3849

Medium

PmWiki Other Vulnerability (CVE-2006-2840)

CVE-2006-2840

Medium

PmWiki Other Vulnerability (CVE-2006-4453)

CVE-2006-4453

Medium

Podcast Generator Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20121)

CVE-2018-20121

CWE-707

Medium

PostgreSQL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-0062)

CVE-2014-0062

CWE-362

Medium

PostgreSQL Cryptographic Issues Vulnerability (CVE-2009-4034)

CVE-2009-4034

Medium

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities