Plone vulnerabilities

The Plone Content Management System

latest version

6.0.13
first published

16 years ago
latest version published

2 months ago
licenses detected
- GPL-3.0
  [3.2a1,4.0rc1)
- GPL-2.0
  [4.0rc1,)
View Plone package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the Plone package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Information Exposure	[0,)
M Cross-site Scripting (XSS)	[,5.0)
M Cross-site Scripting (XSS)	[3.3,3.3.6) [4.0,4.0.9) [4.1,4.1.6) [4.3,4.3.2)
H Server-side Request Forgery (SSRF)	[4.3,5.2.5)
M Cross-site Scripting (XSS)	[5.0,5.2.5)
L Server-side Request Forgery (SSRF)	[5.0,5.2.5)
M Cross-site Scripting (XSS)	[5.0,5.2.5)
M Access Restriction Bypass	[4.3,5.2.5)
L Server-side Request Forgery (SSRF)	[4.3,5.2.5)
M Cross-site Scripting (XSS)	[4.3,5.2.5)
L Cross-site Scripting (XSS)	[4.3,5.2.5)
H Cross-site Scripting (XSS)	[,5.2.5)
M XML External Entity (XXE) Injection	[,5.2.3)
M Server-side Request Forgery (SSRF)	[,5.2.3)
M XML External Entity (XXE) Injection	[,5.2.3)
L Weak Password Requirements	[4.3,4.3.20) [5.0,5.2.1)
M SQL Injection	[0,5.2.2)
M Cross-site Scripting (XSS)	[0,5.2.2)
M Privilege Escalation	[0,5.2.2)
L Cross-site Scripting (XSS)	[0,5.2.2)
M Cross-site Scripting (XSS)	[,2.5.3)
M Cross-site Scripting (XSS)	[,3.0.4)
M Arbitrary Code Execution	[,4.2.3)
H Information Exposure	[,3.0.0)
M Sandbox Escape	[4.0,4.3.16) [5,5.1.0)
M Cross-site Scripting (XSS)	[,4.3.16) [5,5.1.0)
M Open Redirect	[2.5,5.1)
M Open Redirect	[,4.3.16) [5,5.1.0)
H Cross-site Request Forgery (CSRF)	[,4.3.7) [5.0a1,5.0)
M Sandbox Bypass	[4,5.1a2]
M Cross-site Scripting (XSS)	[,5.1a2]
M Cross-site Scripting (XSS)	[4,5.1a1]
M Information Exposure	[4.2,5.1a1]
M Cross-site Scripting (XSS)	[4,5.1a1]
M Open Redirect	[,5.0.6]
M Cross-site Scripting (XSS)	[,5.1a1]
M Information Exposure	[3.3,5.1a1]
M Access Restriction Bypass	[5.0,5.1a1]
H Access Restriction Bypass	[4.0,5.1a1]
M Access Restriction Bypass	[3.3,4.2.7]
H HTTP Response Splitting	[3,4.0)
M Unauthorized User Creation	[,4.3.7)
M Cross-site Scripting (XSS)	[,4.3.7)
M Information Exposure	[3.3,4.3.2]
M Access Restriction Bypass	[3.3,4.3.2]
M Denial of Service (DoS)	[,4.2.5) [4.3,4.3.1)
M Access Restriction Bypass	[,4.2.5) [4.3,4.3.1)
M Cross-site Scripting (XSS)	[,4.2.5) [4.3,4.3.1)
M Information Exposure	[,4.2.5) [4.3,4.3.1)
M Email Spoofing	[,4.2.5) [4.3,4.3.1)
M Access Restriction Bypass	[,4.2.5) [4.3,4.3.1)
M Information Exposure	[,4.2.5) [4.3,4.3.1)
M Open Redirect	[,4.2.5) [4.3,4.3.1)
M Information Exposure	[,4.2.5) [4.3,4.3.1)
M Arbitrary Portrait Modification	[,4.2.5) [4.3,4.3.1)
M Access Restriction Bypass	[,4.2.5) [4.3,4.3.1)
M Arbitrary Web Redirect	[4.3.0,4.3.1]
L Denial of Service (DoS)	[,4.2.5) [4.3,4.3.1)
H Arbitrary Code Execution	[,4.2.3) [4.3a1,4.3b1)
M Arbitrary Code Execution	[,4.2.3) [4.3a1,4.3b1)
M Cross-site Scripting (XSS)	[,4.2.3) [4.3a1,4.3b1)
H Arbitrary Code Execution	[,4.2.3) [4.3a1,4.3b1)
M Information Exposure	[,4.2.3) [4.3a1,4.3b1)
M Denial of Service (DoS)	[,4.0)
M Cross-site Scripting (XSS)	[,4.2.3) [4.3a1,4.3b1)
M Arbitrary Code Execution	[,4.2.3) [4.3a1,4.3b1)
M Information Exposure	[,4.2.3) [4.3a1,4.3b1)
M Denial of Service (DoS)	[,4.2.3) [4.3a1,4.3b1)
M Denial of Service (DoS)	[,4.2.3) [4.3a1,4.3b1)
M Cross-site Request Forgery (CSRF)	[,4.2.3) [4.3a1,4.3b1)
M Arbitrary BLOB Read	[,4.2.3) [4.3a1,4.3b1)
L Cross-site Scripting (XSS)	[,4.2.3) [4.3.a1,4.3b1)
M Information Exposure	[,4.2.3) [4.3a1,4.3b1)
M Cross-site Scripting (XSS)	[,4.2.3) [4.3.a1,4.3b1)
M Information Exposure	[,4.2.3) [4.3.a1,4.3b1)
M Denial of Service (DoS)	[,4.2.3) [4.3a1,4.3b1)
M Information Exposure	[,4.2.3) [4.3a1,4.3b1)
M Information Exposure	[,4.2.3) [4.3a1,4.3b1)
M Denial of Service (DoS)	[,4.1.3]
H Arbitrary Sub-object Access	[4,4.0.9] [4.1,4.2a2]
H Privilege Escalation	[4.1]
M Cross-site Scripting (XSS)	[,4.2)
M Arbitrary Property Modification	[4,4.2)
H Arbitrary File Creation	[2.5,4.1)
M Cross-site Scripting (XSS)	[2.1,3.3.5)

Package versions

1 - 100 of 187 Results

version	published	direct vulnerabilities
6.1.0b1	31 Oct, 2024	0 C 0 H 1 M 0 L
6.1.0a5	5 Sep, 2024	0 C 0 H 1 M 0 L
6.1.0a4	1 Aug, 2024	0 C 0 H 1 M 0 L
6.1.0a3	26 Apr, 2024	0 C 0 H 1 M 0 L
6.1.0a2	27 Feb, 2024	0 C 0 H 1 M 0 L
6.1.0a1	26 Jan, 2024	0 C 0 H 1 M 0 L
6.0.13	5 Sep, 2024	0 C 0 H 1 M 0 L
6.0.12	1 Aug, 2024	0 C 0 H 1 M 0 L
6.0.11	25 Apr, 2024	0 C 0 H 1 M 0 L
6.0.10	22 Feb, 2024	0 C 0 H 1 M 0 L
6.0.9	14 Dec, 2023	0 C 0 H 1 M 0 L
6.0.8	26 Oct, 2023	0 C 0 H 1 M 0 L
6.0.7	14 Sep, 2023	0 C 0 H 1 M 0 L
6.0.6	22 Jun, 2023	0 C 0 H 1 M 0 L
6.0.5	25 May, 2023	0 C 0 H 1 M 0 L
6.0.4	21 Apr, 2023	0 C 0 H 1 M 0 L
6.0.3	23 Mar, 2023	0 C 0 H 1 M 0 L
6.0.2	23 Feb, 2023	0 C 0 H 1 M 0 L
6.0.1	30 Jan, 2023	0 C 0 H 1 M 0 L
6.0.0	12 Dec, 2022	0 C 0 H 1 M 0 L
6.0.0rc2	5 Dec, 2022	0 C 0 H 1 M 0 L
6.0.0rc1	18 Nov, 2022	0 C 0 H 1 M 0 L
6.0.0b3	4 Oct, 2022	0 C 0 H 1 M 0 L
6.0.0b2	9 Sep, 2022	0 C 0 H 1 M 0 L
6.0.0b1	22 Jul, 2022	0 C 0 H 1 M 0 L
6.0.0a6	27 Jun, 2022	0 C 0 H 1 M 0 L
6.0.0a5	24 Jun, 2022	0 C 0 H 1 M 0 L
6.0.0a4	7 Apr, 2022	0 C 0 H 1 M 0 L
6.0.0a3	28 Jan, 2022	0 C 0 H 1 M 0 L
6.0.0a2	3 Dec, 2021	0 C 0 H 1 M 0 L
6.0.0a1	16 Oct, 2021	0 C 0 H 1 M 0 L
5.2.15	1 Aug, 2024	0 C 0 H 1 M 0 L
5.2.14	21 Sep, 2023	0 C 0 H 1 M 0 L
5.2.13	19 Jul, 2023	0 C 0 H 1 M 0 L
5.2.12	19 Apr, 2023	0 C 0 H 1 M 0 L
5.2.11	26 Jan, 2023	0 C 0 H 1 M 0 L
5.2.10	31 Oct, 2022	0 C 0 H 1 M 0 L
5.2.9	18 Jul, 2022	0 C 0 H 1 M 0 L
5.2.8	29 Apr, 2022	0 C 0 H 1 M 0 L
5.2.7	25 Jan, 2022	0 C 0 H 1 M 0 L
5.2.6	22 Oct, 2021	0 C 0 H 1 M 0 L
5.2.5	30 Jul, 2021	0 C 0 H 1 M 0 L
5.2.4	19 Feb, 2021	0 C 2 H 5 M 3 L
5.2.3	30 Oct, 2020	0 C 2 H 5 M 3 L
5.2.2	27 Jun, 2020	0 C 2 H 8 M 3 L
5.2.1	2 Dec, 2019	0 C 2 H 11 M 4 L
5.2.0	11 Jul, 2019	0 C 2 H 11 M 5 L
5.2rc5	27 Jun, 2019	0 C 2 H 11 M 5 L
5.2rc4	20 Jun, 2019	0 C 2 H 11 M 5 L
5.2rc3	5 May, 2019	0 C 2 H 11 M 5 L
5.2rc2	22 Mar, 2019	0 C 2 H 11 M 5 L
5.2rc1	4 Mar, 2019	0 C 2 H 11 M 5 L
5.2b1	14 Feb, 2019	0 C 2 H 11 M 5 L
5.2a2	29 Dec, 2018	0 C 2 H 11 M 5 L
5.2a1	8 Nov, 2018	0 C 2 H 11 M 5 L
5.1.7	21 Sep, 2020	0 C 2 H 11 M 5 L
5.1.6	3 Sep, 2019	0 C 2 H 11 M 5 L
5.1.5	11 Dec, 2018	0 C 2 H 11 M 5 L
5.1.4	2 Oct, 2018	0 C 2 H 11 M 5 L
5.1.3	21 Jun, 2018	0 C 2 H 11 M 5 L
5.1.2	8 Apr, 2018	0 C 2 H 11 M 5 L
5.1.1	11 Mar, 2018	0 C 2 H 11 M 5 L
5.1.0	15 Feb, 2018	0 C 2 H 11 M 5 L
5.1rc2	27 Nov, 2017	0 C 2 H 15 M 5 L
5.1rc1	10 Sep, 2017	0 C 2 H 15 M 5 L
5.1b4	3 Jul, 2017	0 C 2 H 15 M 5 L
5.1b3	2 Apr, 2017	0 C 2 H 15 M 5 L
5.1b2	20 Feb, 2017	0 C 2 H 15 M 5 L
5.1b1	20 Feb, 2017	0 C 2 H 15 M 5 L
5.1a2	19 Aug, 2016	0 C 2 H 17 M 5 L
5.1a1	31 Mar, 2016	0 C 3 H 23 M 5 L
5.0.10	9 Jan, 2019	0 C 3 H 23 M 5 L
5.0.9	5 Aug, 2017	0 C 3 H 23 M 5 L
5.0.8	4 Jun, 2017	0 C 3 H 23 M 5 L
5.0.7	20 Feb, 2017	0 C 3 H 23 M 5 L
5.0.6	23 Aug, 2016	0 C 3 H 24 M 5 L
5.0.5	22 Jun, 2016	0 C 3 H 24 M 5 L
5.0.4	31 Mar, 2016	0 C 3 H 24 M 5 L
5.0.3	3 Mar, 2016	0 C 3 H 24 M 5 L
5.0.2	9 Jan, 2016	0 C 3 H 24 M 5 L
5.0.1	18 Dec, 2015	0 C 3 H 24 M 5 L
5.0	28 Sep, 2015	0 C 3 H 24 M 5 L
5.0rc3	21 Sep, 2015	0 C 4 H 19 M 3 L
5.0rc2	12 Sep, 2015	0 C 4 H 19 M 3 L
5.0rc1	8 Sep, 2015	0 C 4 H 19 M 3 L
5.0b4	24 Aug, 2015	0 C 4 H 19 M 3 L
5.0b3	20 Jul, 2015	0 C 4 H 19 M 3 L
5.0b2	14 May, 2015	0 C 4 H 19 M 3 L
5.0b1	27 Mar, 2015	0 C 4 H 19 M 3 L
5.0a3	1 Nov, 2014	0 C 4 H 19 M 3 L
5.0a2	20 Apr, 2014	0 C 4 H 19 M 3 L
5.0a1	3 Mar, 2014	0 C 4 H 19 M 3 L
4.3.20	19 Aug, 2020	0 C 3 H 19 M 3 L
4.3.19	9 Sep, 2019	0 C 3 H 19 M 4 L
4.3.18	29 May, 2018	0 C 3 H 19 M 4 L
4.3.17	8 Mar, 2018	0 C 3 H 19 M 4 L
4.3.16	9 Sep, 2017	0 C 3 H 19 M 4 L
4.3.15	3 Jul, 2017	0 C 3 H 22 M 4 L
4.3.14	3 Apr, 2017	0 C 3 H 22 M 4 L
4.3.13	16 Mar, 2017	0 C 3 H 22 M 4 L

See all versions

Plone vulnerabilities

The Plone Content Management System

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Package versions