pkg:PyPI/plone

196 total CVEs: CRITICAL 19, HIGH 54, MEDIUM 108, LOW 4

All known vulnerabilities

  • CRITICAL 9.9 CVE-2012-5487: Plone Sandbox Bypass
    from 0, < 4.2.3
  • CRITICAL 9.9 CVE-2012-5487: Plone Sandbox Bypass
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • CRITICAL 9.9 CVE-2012-5493: Plone Sandbox Bypass
    from 0, < 4.2.3
  • CRITICAL 9.9 CVE-2012-5493: Plone Sandbox Bypass
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • CRITICAL 9.9 CVE-2021-33509: Incorrect Permission Assignment for Critical Resource in Plone
    from 0, < 5.2.5
  • CRITICAL 9.9 CVE-2021-33509: Incorrect Permission Assignment for Critical Resource in Plone
    from 0, < 5.2.5
  • CRITICAL 9.8 CVE-2020-7941: Plone Unauthenticated Write Vulnerability
    >= 4.3, < 5.2.2
  • CRITICAL 9.8 CVE-2020-7941: Plone Unauthenticated Write Vulnerability
    >= 4.3, <= 5.2.1
  • CRITICAL 9.8 CVE-2012-5495: Plone python code injection
    from 0, < 4.2.3
  • CRITICAL 9.8 CVE-2012-5495: Plone python code injection
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • CRITICAL 9.8 CVE-2012-5488: Plone Code Injection vulnerability
    from 0, < 4.2.3
  • CRITICAL 9.8 CVE-2012-5488: Plone Code Injection vulnerability
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • CRITICAL 9.8 CVE-2007-5741: zope-cmfplone - arbitrary code
    >= 2.5, < 2.5.5
  • CRITICAL 9.8 CVE-2007-5741: zope-cmfplone - arbitrary code
    >= 2.5, < 2.5.5
  • CRITICAL 9.1 CVE-2011-0720: Plone Privilege Escalation Vulnerability
    >= 2.5, < 4.0.4
  • CRITICAL 9.1 CVE-2011-0720: Plone Privilege Escalation Vulnerability
    from 0, < 4.0.1
  • CRITICAL 9.1 CVE-2006-4247: Plone allows anonymous users to reset any user's password through the web via Password Reset Tool
    >= 2.5, < 2.5.1
  • CRITICAL 9.1 CVE-2006-4247: Plone allows anonymous users to reset any user's password through the web via Password Reset Tool
    >= 2.5, < 2.5.1
  • CRITICAL 9.1 CVE-2006-4247: Plone allows anonymous users to reset any user's password through the web via Password Reset Tool
    from 0, <= 2.5, <= 2.5.1_rc
  • HIGH 8.8 CVE-2021-33926: Server-Side Request Forgery in Plone CMS
    >= 4.3, < 5.2.5
  • HIGH 8.8 CVE-2021-33926: Server-Side Request Forgery in Plone CMS
    >= 4.3, < 5.2.5
  • HIGH 8.8 CVE-2020-7939: Plone SQL Injection Vulnerability
    >= 4.0, <= 5.2.1
  • HIGH 8.8 CVE-2020-7939: Plone SQL Injection Vulnerability
    >= 4.0, < 5.2.2
  • HIGH 8.8 CVE-2020-7938: Plone Privilege Escalation
    >= 5.2.0, < 5.2.2
  • HIGH 8.8 CVE-2020-7938: Plone Privilege Escalation
    >= 5.2.0, < 5.2.2
  • HIGH 8.8 CVE-2015-7293: Plone vulnerable to cross-site request forgery
    from 0, < 5.0a1
  • HIGH 8.8 CVE-2015-7293: Plone vulnerable to cross-site request forgery
    from 0, < 5.0a1
  • HIGH 8.8 CVE-2020-28736: Improper Restriction of XML External Entity Reference in Plone
    from 0, < 5.2.3
  • HIGH 8.8 CVE-2020-28736: Improper Restriction of XML External Entity Reference in Plone
    from 0, < 5.2.3
  • HIGH 8.8 CVE-2020-28735: SSRF attacks via tracebacks in Plone
    from 0, < 5.2.3
  • HIGH 8.8 CVE-2020-28735: SSRF attacks via tracebacks in Plone
    from 0, < 5.2.3
  • HIGH 8.8 CVE-2020-28734: Improper Restriction of XML External Entity Reference in Plone
    from 0, < 5.2.3
  • HIGH 8.8 CVE-2020-28734: Improper Restriction of XML External Entity Reference in Plone
    from 0, < 5.2.3
  • HIGH 8.1 CVE-2013-4197: Plone Improper Access Control Vulnerability
    >= 2.1, < 4.1.1
  • HIGH 8.1 CVE-2013-4197: Plone Improper Access Control Vulnerability
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • HIGH 7.5 CVE-2020-7940: Plone allows weak passwords
    >= 4.3, < 5.2.1
  • HIGH 7.5 CVE-2020-7940: Plone allows weak passwords
    >= 4.3, < 4.3.20
  • HIGH 7.5 CVE-2012-5501: Plone Arbitrary File Read
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • HIGH 7.5 CVE-2012-5501: Plone Arbitrary File Read
    from 0, < 4.2.3
  • HIGH 7.5 CVE-2012-5496: Plone DoS via Crafted URL
    from 0, < 4.0
  • HIGH 7.5 CVE-2012-5496: Plone DoS via Crafted URL
    from 0, < 3.3.6
  • HIGH 7.5 CVE-2012-5505: Plone Information Disclosure
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • HIGH 7.5 CVE-2012-5505: Plone Information Disclosure
    from 0, < 4.2.3
  • HIGH 7.5 CVE-2012-5506: Plone denial of service via RSS Feed Request
    from 0, < 4.2.3
  • HIGH 7.5 CVE-2012-5506: Plone denial of service via RSS Feed Request
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • HIGH 7.5 CVE-2012-5499: Plone is vulnerable to denial of service
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • HIGH 7.5 CVE-2012-5499: Plone is vulnerable to denial of service
    >= 4.0, < 4.2.3
  • HIGH 7.5 CVE-2012-5498: Plone denial of service via Caching Bypass
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • HIGH 7.5 CVE-2012-5498: Plone denial of service via Caching Bypass
    from 0, < 4.2.3
  • HIGH 7.5 CVE-2015-7318: Plone Header Injection
    >= 3.3, < 4.0a1
  • HIGH 7.5 CVE-2015-7318: Plone Header Injection
    >= 3.3, < 4.0a1
  • HIGH 7.5 CVE-2013-4200: Plone Open Redirection vulnerability via next parameter
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • HIGH 7.5 CVE-2013-4200: Plone Open Redirection vulnerability via next parameter
    >= 2.1, < 4.1.1
  • HIGH 7.5 CVE-2008-0164: Plone Cross-site request forgery (CSRF)
    >= 3.0.5, <= 3.0.6
  • HIGH 7.5 CVE-2008-0164: Plone Cross-site request forgery (CSRF)
    from 0, < 3.1
  • HIGH 7.5 CVE-2008-0164: Plone Cross-site request forgery (CSRF)
    from 0, < 3.1
  • HIGH 7.5 CVE-2021-33511: Server-Side Request Forgery in Plone
    from 0, <= 5.2.4
  • HIGH 7.5 CVE-2021-33511: Server-Side Request Forgery in Plone
    from 0, < 5.2.5
  • HIGH 7.5 CVE-2012-5503: Plone allows remote attackers to read hidden folder contents
    from 0, < 4.2.3
  • HIGH 7.5 CVE-2012-5503: Plone allows remote attackers to read hidden folder contents
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • HIGH 7.5 CVE-2012-5486: HTTP header injection in Plone and Zope2
    >= 3.3.2, < 4.2.3
  • HIGH 7.5 CVE-2012-5486: HTTP header injection in Plone and Zope2
    from 0, < 4.2.3
  • HIGH 7.5 CVE-2012-6661: Plone and Zope2 do not reseed pseudo-random number generator
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • HIGH 7.5 CVE-2012-6661: Plone and Zope2 do not reseed pseudo-random number generator
    >= 3.2.2, < 4.2.3
  • HIGH 7.5 CVE-2012-5507: Plone and Zope2 affected by Race Condition
    >= 3.2.2, < 4.2.3
  • HIGH 7.5 CVE-2012-5507: Plone and Zope2 affected by Race Condition
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • HIGH 7.5 CVE-2011-4462: Plone Denial of Service vulnerability
    from 0, < 4.1.4
  • HIGH 7.5 CVE-2011-4462: Plone Denial of Service vulnerability
    from 0, < 4.1.4
  • HIGH 7.3 CVE-2016-4041: Plone vulnerable to privilege escalation in WebDAV
    >= 4.0, < 5.1a2
  • HIGH 7.3 CVE-2016-4041: Plone vulnerable to privilege escalation in WebDAV
    >= 3.3, < 4.3.10
  • HIGH 7.2 CVE-2012-5485: Plone Code Injection vulnerability
    from 0, < 4.2.3
  • HIGH 7.2 CVE-2012-5485: Plone Code Injection vulnerability
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • HIGH 7.1 CVE-2024-0669: Cross-Frame Scripting vulnerability has been found on Plone CMS
    from 0, < 6.0.7
  • MEDIUM 6.5 CVE-2013-4192: Plone is vulnerable to email spoofing
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • MEDIUM 6.5 CVE-2013-4192: Plone is vulnerable to email spoofing
    >= 2.1, < 4.1.1
  • MEDIUM 6.5 CVE-2017-1000483: Plone Unauthorized Access Vulnerability
    >= 2.5, < 4.3.16, >= 5, < 5.1.0
  • MEDIUM 6.5 CVE-2017-1000483: Plone Unauthorized Access Vulnerability
    >= 2.5, < 4.3.16
  • MEDIUM 6.5 CVE-2011-1950: Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
    >= 4.0.1, < 4.0.6
  • MEDIUM 6.5 CVE-2011-1950: Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
    from 0, < 4.1.1
  • MEDIUM 6.5 CVE-2012-5489: Plone and Zope2 vulnerable to unauthorized access to restricted attributes
    >= 3.2.2, < 4.2.3
  • MEDIUM 6.5 CVE-2012-5489: Plone and Zope2 vulnerable to unauthorized access to restricted attributes
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • MEDIUM 6.1 CVE-2021-35959: Plone has stored XSS in folder contents
    >= 5.0, <= 5.2.4
  • MEDIUM 6.1 CVE-2021-35959: Plone has stored XSS in folder contents
    >= 5.0, < 5.2.5
  • MEDIUM 6.1 CVE-2021-3313: Plone XSS in User Fullname Property and File Upload
    from 0, < 5.2.4
  • MEDIUM 6.1 CVE-2021-3313: Plone XSS in User Fullname Property and File Upload
    from 0, < 5.2.4
  • MEDIUM 6.1 CVE-2020-7936: Plone Open Redirect Vulnerability
    >= 4.0, < 5.2.2
  • MEDIUM 6.1 CVE-2020-7936: Plone Open Redirect Vulnerability
    >= 4.0, < 4.3.20
  • MEDIUM 6.1 CVE-2010-2422: Plone Cross-site Scripting vulnerability in PortalTransforms
    >= 2.1, < 3.3.6
  • MEDIUM 6.1 CVE-2010-2422: Plone Cross-site Scripting vulnerability in PortalTransforms
    from 0, < 3.3.5
  • MEDIUM 6.1 CVE-2012-5502: Plone Cross-site scripting Vulnerability
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • MEDIUM 6.1 CVE-2012-5502: Plone Cross-site scripting Vulnerability
    from 0, < 4.2.3
  • MEDIUM 6.1 CVE-2012-5490: Plone Cross-site scripting Vulnerability
    from 0, < 4.2.3
  • MEDIUM 6.1 CVE-2012-5504: Plone Cross-site scripting Vulnerability
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • MEDIUM 6.1 CVE-2012-5490: Plone Cross-site scripting Vulnerability
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • MEDIUM 6.1 CVE-2012-5494: Plone Cross-site scripting Vulnerability
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • MEDIUM 6.1 CVE-2012-5504: Plone Cross-site scripting Vulnerability
    from 0, < 4.2.3
  • MEDIUM 6.1 CVE-2012-5494: Plone Cross-site scripting Vulnerability
    from 0, < 4.2.3
  • MEDIUM 6.1 CVE-2016-7147: Plone XSS in Zope ZMI
    >= 4.0, < 4.3.12
  • MEDIUM 6.1 CVE-2016-7147: Plone XSS in Zope ZMI
    from 0, < 4.3.12, >= 5.0, < 5.0.7
  • MEDIUM 6.1 CVE-2015-7316: Plone Cross-site Scripting Vulnerability
    from 0, < 3da710a2cd68587f0bf34f2e7ea1167d6eeee087 | >= 3.3, < 4.0a1, >= 4.0, < 4.1a1, >= 4.1, < 4.2a1, >= 4.2, < 4.3a1, >= 4.3, < 4.3.7, >= 5.0a1, < 5.0rc2
  • MEDIUM 6.1 CVE-2015-7316: Plone Cross-site Scripting Vulnerability
    >= 3.3, < 3.3.7
  • MEDIUM 6.1 CVE-2017-1000481: Products.CMFPlone Open Redirect Vulnerability
    >= 2.5, < 4.3.16, >= 5, < 5.1.0
  • MEDIUM 6.1 CVE-2017-1000481: Products.CMFPlone Open Redirect Vulnerability
    >= 2.5, < 4.3.16
  • MEDIUM 6.1 CVE-2016-7137: Plone Open Redirect Vulnerability
    >= 5.0, <= 5.0.6
  • MEDIUM 6.1 CVE-2016-7137: Plone Open Redirect Vulnerability
    >= 5.0, < 5.0.7, >= 4.0, < 4.3.12, >= 3.3, < 4.0a1
  • MEDIUM 6.1 CVE-2016-7136: Plone XSS
    >= 5.0.0, <= 5.0.6
  • MEDIUM 6.1 CVE-2016-7136: Plone XSS
    >= 5.0, < 5.0.7, >= 4.2, < 4.3.12
  • MEDIUM 6.1 CVE-2016-7138: Plone XSS
    >= 5.0.0, <= 5.0.6
  • MEDIUM 6.1 CVE-2016-7139: Plone Cross-site Scripting (XSS) vulnerability
    >= 5.0, < 5.0.7, >= 4.0, < 4.3.12, >= 3.3, < 4.0a1
  • MEDIUM 6.1 CVE-2016-7138: Plone XSS
    >= 5.0, < 5.0.7, >= 4.0, < 4.3.12, >= 3.3, < 4.0a1
  • MEDIUM 6.1 CVE-2016-7139: Plone Cross-site Scripting (XSS) vulnerability
    >= 5.0, < 5.0.6
  • MEDIUM 6.1 CVE-2016-7140: Plone vulnerable to Cross-site Scripting
    >= 5.0a1, < 5.0.7
  • MEDIUM 6.1 CVE-2016-7140: Plone vulnerable to Cross-site Scripting
    >= 5.0, < 5.0.7, >= 4.0, < 4.3.12, >= 3.3, < 4.0a1
  • MEDIUM 6.1 CVE-2013-7062: Plone Zope cross-site scripting (XSS) vulnerability
    >= 3.3, < 4.0a1, >= 4.0, < 4.0.10, >= 4.1, < 4.2a1, >= 4.2, < 4.3a1, >= 4.3, < 4.3.3
  • MEDIUM 6.1 CVE-2013-7062: Plone Zope cross-site scripting (XSS) vulnerability
    >= 3.3, < 3.3.6
  • MEDIUM 6.1 CVE-2021-33507: Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone
    from 0, < 5.2.5
  • MEDIUM 6.1 CVE-2021-33507: Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone
    from 0, <= 5.2.4
  • MEDIUM 6.1 CVE-2017-1000484: Plone Open Redirect
    >= 2.5, < 5.1.0
  • MEDIUM 6.1 CVE-2017-1000484: Plone Open Redirect
    >= 2.5, < 4.3.16
  • MEDIUM 6.1 CVE-2011-1948: Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
    from 0, < 4.1.1
  • MEDIUM 6.1 CVE-2011-1948: Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
    from 0, < 4.1.1
  • MEDIUM 5.9 CVE-2013-4193: Plone Unrestricted Filed Manipulation vulnerability via content edit forms
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • MEDIUM 5.9 CVE-2013-4193: Plone Unrestricted Filed Manipulation vulnerability via content edit forms
    >= 2.1, < 4.1.1
  • MEDIUM 5.9 CVE-2015-7315: Plone unauthorized member addition vulnerability
    from 0, < e1d981bfa14b664317285f0f36498f4be4a23406 | >= 3.3, < 4.0a1, >= 4.0, < 4.1a1, >= 4.1, < 4.2a1, >= 4.2, < 4.3a1, >= 4.3, < 4.3.7, >= 5.0a1, < 5.0rc2
  • MEDIUM 5.9 CVE-2015-7315: Plone unauthorized member addition vulnerability
    >= 3.3, <= 3.3.6
  • MEDIUM 5.9 CVE-2006-4249: Plone allows a user to masquerade as a group
    >= 2.5, < 2.5.2
  • MEDIUM 5.9 CVE-2006-4249: Plone allows a user to masquerade as a group
    >= 2.5, < 2.5.2
  • MEDIUM 5.9 CVE-2006-4249: Plone allows a user to masquerade as a group
    from 0, <= 2.5, <= 2.5.1
  • MEDIUM 5.5 CVE-2024-22889: Plone information disclosure vulnerability
    from 0, <= 6.0.9
  • MEDIUM 5.4 CVE-2021-29002: Plone XSS Vulnerability
    from 0, <= 5.2.3
  • MEDIUM 5.4 CVE-2021-29002: Plone XSS Vulnerability
    from 0, <= 5.2.3
  • MEDIUM 5.4 CVE-2020-7937: Plone cross site scripting (XSS)
    >= 5.0, <= 5.2.1
  • MEDIUM 5.4 CVE-2020-7937: Plone cross site scripting (XSS)
    >= 5.0, < 5.2.2
  • MEDIUM 5.4 CVE-2017-1000482: Products.CMFPlone XSS in profile home_page property
    >= 2.5, < 4.3.16, >= 5, < 5.1.0
  • MEDIUM 5.4 CVE-2017-1000482: Products.CMFPlone XSS in profile home_page property
    >= 2.5a1, < 4.3.16
  • MEDIUM 5.4 CVE-2021-33508: Cross-site scripting in Plone
    from 0, <= 5.2.4
  • MEDIUM 5.4 CVE-2021-33508: Cross-site scripting in Plone
    from 0, < 5.2.5
  • MEDIUM 5.4 CVE-2021-33512: Cross-site scripting in Plone
    from 0, <= 5.2.4
  • MEDIUM 5.4 CVE-2021-33512: Cross-site scripting in Plone
    from 0, < 5.2.5
  • MEDIUM 5.4 CVE-2021-33513: Cross-site scripting in Plone
    from 0, <= 5.2.4
  • MEDIUM 5.4 CVE-2021-33513: Cross-site scripting in Plone
    from 0, < 5.2.5
  • MEDIUM 5.4 CVE-2011-1949: Plone Cross-site Scripting vulnerability
    >= 3.3.2, < 3.3.6
  • MEDIUM 5.4 CVE-2011-1949: Plone Cross-site Scripting vulnerability
    from 0, < 4.1.1
  • MEDIUM 5.3 CVE-2013-4196: Plone is vulnerable to information exposure via the object manager implementation
    >= 2.1, < 4.1.1
  • MEDIUM 5.3 CVE-2013-4196: Plone is vulnerable to information exposure via the object manager implementation
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • MEDIUM 5.3 CVE-2013-7060: Plone Filesystem path information leak
    >= 3.3, < 4.3.3
  • MEDIUM 5.3 CVE-2013-7060: Plone Filesystem path information leak
    >= 3.3, < 4.3.3
  • MEDIUM 5.3 CVE-2012-5491: Plone Information Disclosure
    from 0, < 4.2.3
  • MEDIUM 5.3 CVE-2012-5491: Plone Information Disclosure
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • MEDIUM 5.3 CVE-2012-5492: Plone Metadata Disclosure
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • MEDIUM 5.3 CVE-2012-5492: Plone Metadata Disclosure
    from 0, < 4.2.3
  • MEDIUM 5.3 CVE-2012-5497: Plone User account enumeration via crafted URL
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • MEDIUM 5.3 CVE-2012-5497: Plone User account enumeration via crafted URL
    from 0, < 4.2.3
  • MEDIUM 5.3 CVE-2012-5500: Plone contains Cross-site Request Forgery
    from 0, < 4.2.3
  • MEDIUM 5.3 CVE-2012-5500: Plone contains Cross-site Request Forgery
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • MEDIUM 5.3 CVE-2012-5508: Exposure of Sensitive Information in Plone
    from 0, < 4.2.3, >= 4.3a0, < 4.3b1
  • MEDIUM 5.3 CVE-2012-5508: Exposure of Sensitive Information in Plone
    from 0, < 4.2.3
  • MEDIUM 5.3 CVE-2016-4042: Plone vulnerable to unauthorized disclosure of site content
    >= 3.3, < 5.1a2
  • MEDIUM 5.3 CVE-2016-4042: Plone vulnerable to unauthorized disclosure of site content
    >= 5.0, < 5.0.5
  • MEDIUM 4.9 CVE-2013-4189: Plone Privilege escalation due to improper authorization
    >= 2.1, <= 4.1
  • MEDIUM 4.9 CVE-2013-4189: Plone Privilege escalation due to improper authorization
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • MEDIUM 4.9 CVE-2013-7061: Plone Privilege escalation through exposed underlying API
    >= 3.3b1, < 4.3.3
  • MEDIUM 4.9 CVE-2013-7061: Plone Privilege escalation through exposed underlying API
    >= 3.3, < 4.3.3
  • MEDIUM 4.9 CVE-2016-4043: Chameleon in Plone allows Authentication Bypass
    >= 5.0rc1, < 5.1a2
  • MEDIUM 4.9 CVE-2016-4043: Chameleon in Plone allows Authentication Bypass
    >= 5.0rc1, <= 5.0.4
  • MEDIUM 4.9 CVE-2016-7135: Plone vulnerable to filesystem information leak
    >= 5.0, < 5.0.7, >= 4.2, < 4.3.12
  • MEDIUM 4.9 CVE-2016-7135: Plone vulnerable to filesystem information leak
    >= 5.0, < 5.0.7
  • MEDIUM 4.8 CVE-2013-4191: Plone is vulnerable to Information Exposure when generating zip archives
    >= 2.1, < 4.1.1
  • MEDIUM 4.8 CVE-2013-4191: Plone is vulnerable to Information Exposure when generating zip archives
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • MEDIUM 4.7 CVE-2013-4190: Plone vulnerable to cross-site scripting
    >= 2.1, < 4.1.1
  • MEDIUM 4.7 CVE-2013-4190: Plone vulnerable to cross-site scripting
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • MEDIUM 4.7 CVE-2013-4195: Plone Multiple open redirect vulnerabilities
    >= 2.1, < 4.1.1
  • MEDIUM 4.7 CVE-2013-4195: Plone Multiple open redirect vulnerabilities
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • MEDIUM 4.4 CVE-2013-4188: Plone Authenticated Denial of Service vulnerability
    >= 4.3, < 4.3.2
  • MEDIUM 4.4 CVE-2013-4188: Plone Authenticated Denial of Service vulnerability
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • MEDIUM 4.3 CVE-2013-4198: Plone's authenticated users able to alter their password despite policy definition
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • MEDIUM 4.3 CVE-2013-4198: Plone's authenticated users able to alter their password despite policy definition
    >= 2.1, <= 4.1
  • MEDIUM 4.3 CVE-2021-33510: Server-Side Request Forgery in Plone
    from 0, < 5.2.5
  • MEDIUM 4.3 CVE-2021-33510: Server-Side Request Forgery in Plone
    from 0, <= 5.2.4
  • MEDIUM 4.3 CVE-2017-5524: Plone Sandbox Escape
    from 0, < 4.3.12, >= 5.0a1, < 5.0.7
  • MEDIUM 4.3 CVE-2017-5524: Plone Sandbox Escape
    >= 4.0, < 4.3.12
  • LOW 3.7 CVE-2013-4194: Plone is vulnerable to File System Path Exposure
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • LOW 3.7 CVE-2013-4194: Plone is vulnerable to File System Path Exposure
    >= 2.1, < 4.1.1
  • LOW 3.1 CVE-2013-4199: Plone Denial of Service vulnerability via decompressing large zip archives
    >= 2.1, < 4.1.1, >= 4.2, < 4.2.6, >= 4.3, < 4.3.2
  • LOW 3.1 CVE-2013-4199: Plone Denial of Service vulnerability via decompressing large zip archives
    >= 4.3, < 4.3.2
  • CVE-2011-1340: Plone XSS Vulnerability
    from 0, < 2.5.3
  • CVE-2011-4030: Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
    >= 4.0, < 4.0.10
  • CVE-2008-4571: Plone Cross-site Scripting vulnerability in the LiveSearch module
    from 0, < 3.0.4
  • CVE-2008-1396: Plone credentials stored in session cookie
    from 0, <= 3.1.7
  • CVE-2008-1393: Plone Improper Session Management
    from 0, < 3.0
  • CVE-2008-1394: Plone CMS Improper Session Management
    from 0, < 3.0
  • CVE-2006-1711: zope-cmfplone - programming error
    from 0, < 2.0.6
  • CVE-2011-2528: High severity vulnerability that affects Plone and Zope2
    from 0, <= 3.0, <= 3.0.1, <= 3.0.2, <= 3.0.3, <= 3.0.4, <= 3.0.5, <= 3.0.6, <= 3.1, <= 3.1.1, <= 3.1.2, <= 3.1.3, <= 3.1.4, <= 3.1.5.1, <= 3.1.6, <= 3.1.7, <= 3.2, <= 3.2.1, <= 3.2.2, <= 3.2.3, <= 3.3, <= 3.3.1, <= 3.3.2, <= 3.3.3, <= 3.3.4, <= 3.3.5, <= 3.3.6, <= 4.0, <= 4.0.1, <= 4.0.2, <= 4.0.3, <= 4.0.4, <= 4.0.5, <= 4.0.6.1, <= 4.0.7, <= 4.0.8, <= 4.1, <= 2.12.0, <= 2.12.0-a1, <= 2.12.0-a2, <= 2.12.0-a3, <= 2.12.0-a4, <= 2.12.0-b1, <= 2.12.0-b2, <= 2.12.0-b3, <= 2.12.0-b4, <= 2.12.1, <= 2.12.2, <= 2.12.3, <= 2.12.4, <= 2.12.5, <= 2.12.6, <= 2.12.7, <= 2.12.8, <= 2.12.9, <= 2.12.10, <= 2.12.11, <= 2.12.12, <= 2.12.13, <= 2.12.14, <= 2.12.15, <= 2.12.16, <= 2.12.17, <= 2.12.18, <= 2.13.0, <= 2.13.0-a1, <= 2.13.0-a2, <= 2.13.0-a3, <= 2.13.0-a4, <= 2.13.0-b1, <= 2.13.0-c1, <= 2.13.1, <= 2.13.2, <= 2.13.3, <= 2.13.4, <= 2.13.5, <= 2.13.6, <= 2.13.7
  • CVE-2011-2528: High severity vulnerability that affects Plone and Zope2
    >= 3.3.2, < 3.3.6
  • CVE-2011-2528: High severity vulnerability that affects Plone and Zope2
    >= 3.3.2, < 3.3.6
  • CVE-2009-0662: Moderate severity vulnerability that affects Products.PlonePAS
    >= 3.0, <= 3.1, <= 3.2, <= 3.3, <= 3.4, <= 3.5