Plone vulnerabilities

The Plone Content Management System

latest version

6.1.3

first published

17 years ago

latest version published

23 days ago

licenses detected

GPL-3.0
[3.2a1,4.0rc1)
GPL-2.0
[4.0rc1,)

View Plone package health on Snyk Advisor (opens in a new tab)

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the Plone package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Information Exposure	[0,)
M Cross-site Scripting (XSS)	[,5.0)
M Cross-site Scripting (XSS)	[3.3,3.3.6)[4.0,4.0.9)[4.1,4.1.6)[4.3,4.3.2)
H Server-side Request Forgery (SSRF)	[4.3,5.2.5)
M Cross-site Scripting (XSS)	[5.0,5.2.5)
L Server-side Request Forgery (SSRF)	[5.0,5.2.5)
M Cross-site Scripting (XSS)	[5.0,5.2.5)
M Access Restriction Bypass	[4.3,5.2.5)
L Server-side Request Forgery (SSRF)	[4.3,5.2.5)
M Cross-site Scripting (XSS)	[4.3,5.2.5)
L Cross-site Scripting (XSS)	[4.3,5.2.5)
H Cross-site Scripting (XSS)	[,5.2.5)
M Server-side Request Forgery (SSRF)	[,5.2.3)
M XML External Entity (XXE) Injection	[,5.2.3)
M XML External Entity (XXE) Injection	[,5.2.3)
L Weak Password Requirements	[4.3,4.3.20)[5.0,5.2.1)
M SQL Injection	[0,5.2.2)
M Cross-site Scripting (XSS)	[0,5.2.2)
M Privilege Escalation	[0,5.2.2)
L Cross-site Scripting (XSS)	[0,5.2.2)
M Cross-site Scripting (XSS)	[,2.5.3)
M Cross-site Scripting (XSS)	[,3.0.4)
M Arbitrary Code Execution	[,4.2.3)
H Information Exposure	[,3.0.0)
M Sandbox Escape	[4.0,4.3.16)[5,5.1.0)
M Cross-site Scripting (XSS)	[,4.3.16)[5,5.1.0)
M Open Redirect	[2.5,5.1)
M Open Redirect	[,4.3.16)[5,5.1.0)
H Cross-site Request Forgery (CSRF)	[,4.3.7)[5.0a1,5.0)
M Sandbox Bypass	[4,5.1a2]
M Cross-site Scripting (XSS)	[,5.1a2]
M Cross-site Scripting (XSS)	[4,5.1a1]
M Information Exposure	[4.2,5.1a1]
M Cross-site Scripting (XSS)	[4,5.1a1]
M Open Redirect	[,5.0.6]
M Cross-site Scripting (XSS)	[,5.1a1]
M Information Exposure	[3.3,5.1a1]
M Access Restriction Bypass	[5.0,5.1a1]
H Access Restriction Bypass	[4.0,5.1a1]
M Access Restriction Bypass	[3.3,4.2.7]
H HTTP Response Splitting	[3,4.0)
M Unauthorized User Creation	[,4.3.7)
M Cross-site Scripting (XSS)	[,4.3.7)
M Information Exposure	[3.3,4.3.2]
M Access Restriction Bypass	[3.3,4.3.2]
M Denial of Service (DoS)	[,4.2.5)[4.3,4.3.1)
M Access Restriction Bypass	[,4.2.5)[4.3,4.3.1)
M Cross-site Scripting (XSS)	[,4.2.5)[4.3,4.3.1)
M Information Exposure	[,4.2.5)[4.3,4.3.1)
M Email Spoofing	[,4.2.5)[4.3,4.3.1)
M Access Restriction Bypass	[,4.2.5)[4.3,4.3.1)
M Information Exposure	[,4.2.5)[4.3,4.3.1)
M Open Redirect	[,4.2.5)[4.3,4.3.1)
M Information Exposure	[,4.2.5)[4.3,4.3.1)
M Arbitrary Portrait Modification	[,4.2.5)[4.3,4.3.1)
M Access Restriction Bypass	[,4.2.5)[4.3,4.3.1)
M Arbitrary Web Redirect	[4.3.0,4.3.1]
L Denial of Service (DoS)	[,4.2.5)[4.3,4.3.1)
H Arbitrary Code Execution	[,4.2.3)[4.3a1,4.3b1)
M Arbitrary Code Execution	[,4.2.3)[4.3a1,4.3b1)
M Cross-site Scripting (XSS)	[,4.2.3)[4.3a1,4.3b1)
H Arbitrary Code Execution	[,4.2.3)[4.3a1,4.3b1)
M Information Exposure	[,4.2.3)[4.3a1,4.3b1)
M Denial of Service (DoS)	[,4.0)
M Cross-site Scripting (XSS)	[,4.2.3)[4.3a1,4.3b1)
M Arbitrary Code Execution	[,4.2.3)[4.3a1,4.3b1)
M Information Exposure	[,4.2.3)[4.3a1,4.3b1)
M Denial of Service (DoS)	[,4.2.3)[4.3a1,4.3b1)
M Denial of Service (DoS)	[,4.2.3)[4.3a1,4.3b1)
M Cross-site Request Forgery (CSRF)	[,4.2.3)[4.3a1,4.3b1)
M Arbitrary BLOB Read	[,4.2.3)[4.3a1,4.3b1)
L Cross-site Scripting (XSS)	[,4.2.3)[4.3.a1,4.3b1)
M Information Exposure	[,4.2.3)[4.3a1,4.3b1)
M Cross-site Scripting (XSS)	[,4.2.3)[4.3.a1,4.3b1)
M Information Exposure	[,4.2.3)[4.3.a1,4.3b1)
M Denial of Service (DoS)	[,4.2.3)[4.3a1,4.3b1)
M Information Exposure	[,4.2.3)[4.3a1,4.3b1)
M Information Exposure	[,4.2.3)[4.3a1,4.3b1)
M Denial of Service (DoS)	[,4.1.3]
H Arbitrary Sub-object Access	[4,4.0.9][4.1,4.2a2]
H Privilege Escalation	[4.1]
M Cross-site Scripting (XSS)	[,4.2)
M Arbitrary Property Modification	[4,4.2)
H Arbitrary File Creation	[2.5,4.1)
M Cross-site Scripting (XSS)	[2.1,3.3.5)

Package versions

199 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
6.1.3	2 Oct, 2025	0 C 0 H 1 M 0 L
6.1.2	20 Jun, 2025	0 C 0 H 1 M 0 L
6.1.1	25 Mar, 2025	0 C 0 H 1 M 0 L
6.1.1rc2	21 Mar, 2025	0 C 0 H 1 M 0 L
6.1.1rc1	14 Mar, 2025	0 C 0 H 1 M 0 L
6.1.0	7 Feb, 2025	0 C 0 H 1 M 0 L
6.1.0rc1	31 Jan, 2025	0 C 0 H 1 M 0 L
6.1.0b2	19 Dec, 2024	0 C 0 H 1 M 0 L
6.1.0b1	31 Oct, 2024	0 C 0 H 1 M 0 L
6.1.0a5	5 Sep, 2024	0 C 0 H 1 M 0 L