GCVE - cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*

part: a version: 5.0 update: a1

Vendor	Plone (`20065100-5fec-5b5e-bb46-a6d4673848e0`)
Product	Plone (`6110f612-67ec-5a9f-99a2-abd1946de8b4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/plone/plone`	purl2cpe	2026-06-01 10:16:04.177669

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-7140`	vulnerable	2026-06-03 14:36:07.017509	Details available Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2017-03-07T16:00:00.000Z Updated: 2024-08-06T01:50:47.579Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html http://seclists.org/fulldisclosure/2016/Oct/80 http://www.openwall.com/lists/oss-security/2016/09/05/4 http://www.openwall.com/lists/oss-security/2016/09/05/5 http://www.securityfocus.com/archive/1/539572/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7139`	vulnerable	2026-06-03 14:36:07.015927	Details available Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Published: 2017-03-07T16:00:00.000Z Updated: 2024-08-06T01:50:47.525Z Open on db.gcve.eu Reference links https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html http://seclists.org/fulldisclosure/2016/Oct/80 http://www.openwall.com/lists/oss-security/2016/09/05/4 http://www.openwall.com/lists/oss-security/2016/09/05/5	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7138`	vulnerable	2026-06-03 14:36:07.014391	Details available Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Published: 2017-03-07T16:00:00.000Z Updated: 2024-08-06T01:50:47.463Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-1 http://seclists.org/fulldisclosure/2016/Oct/80 http://www.openwall.com/lists/oss-security/2016/09/05/4 http://www.openwall.com/lists/oss-security/2016/09/05/5	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7137`	vulnerable	2026-06-03 14:36:07.012711	Details available Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form. Published: 2017-03-07T16:00:00.000Z Updated: 2024-08-06T01:50:47.544Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html http://seclists.org/fulldisclosure/2016/Oct/80 http://www.openwall.com/lists/oss-security/2016/09/05/4 https://plone.org/security/hotfix/20160830/open-redirection-in-plone http://www.openwall.com/lists/oss-security/2016/09/05/5	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7136`	vulnerable	2026-06-03 14:36:07.004458	Details available z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. Published: 2017-03-07T16:00:00.000Z Updated: 2024-08-06T01:50:47.509Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html http://seclists.org/fulldisclosure/2016/Oct/80 https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms http://www.openwall.com/lists/oss-security/2016/09/05/4 http://www.openwall.com/lists/oss-security/2016/09/05/5	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7135`	vulnerable	2026-06-03 14:36:06.989187	Details available Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions. Published: 2017-03-07T16:00:00.000Z Updated: 2024-08-06T01:50:47.485Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html http://seclists.org/fulldisclosure/2016/Oct/80 https://plone.org/security/hotfix/20160830/filesystem-information-leak http://www.openwall.com/lists/oss-security/2016/09/05/4 http://www.openwall.com/lists/oss-security/2016/09/05/5	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4042`	vulnerable	2026-06-03 14:35:47.070509	Details available Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. Published: 2017-02-24T20:00:00.000Z Updated: 2024-08-06T00:17:30.608Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2016/04/20/2 https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4041`	vulnerable	2026-06-03 14:35:47.061785	Details available Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. Published: 2017-02-24T20:00:00.000Z Updated: 2024-08-06T00:17:30.875Z Open on db.gcve.eu Reference links https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav http://www.openwall.com/lists/oss-security/2016/04/20/1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.