Plone 5.1a1
Approved changes feed: RSS · Atom
cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*
part: a version: 5.1a1 update: *
| Vendor | Plone (20065100-5fec-5b5e-bb46-a6d4673848e0) |
|---|---|
| Product | Plone (6110f612-67ec-5a9f-99a2-abd1946de8b4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/plone/plone |
purl2cpe | 2026-06-01 10:16:04.177689 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2016-7140 |
vulnerable | 2026-06-03 14:36:07.017667 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2017-03-07T16:00:00.000Z
Updated: 2024-08-06T01:50:47.579Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-7139 |
vulnerable | 2026-06-03 14:36:07.016082 |
Details available
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Published: 2017-03-07T16:00:00.000Z
Updated: 2024-08-06T01:50:47.525Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-7138 |
vulnerable | 2026-06-03 14:36:07.014547 |
Details available
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Published: 2017-03-07T16:00:00.000Z
Updated: 2024-08-06T01:50:47.463Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-7137 |
vulnerable | 2026-06-03 14:36:07.012873 |
Details available
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.
Published: 2017-03-07T16:00:00.000Z
Updated: 2024-08-06T01:50:47.544Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-7136 |
vulnerable | 2026-06-03 14:36:07.004623 |
Details available
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
Published: 2017-03-07T16:00:00.000Z
Updated: 2024-08-06T01:50:47.509Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-7135 |
vulnerable | 2026-06-03 14:36:06.994181 |
Details available
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.
Published: 2017-03-07T16:00:00.000Z
Updated: 2024-08-06T01:50:47.485Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-4043 |
vulnerable | 2026-06-03 14:35:47.076311 |
Details available
Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.
Published: 2017-02-24T20:00:00.000Z
Updated: 2024-08-06T00:17:30.832Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.