FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-22 13:24:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7c492ea2-3566-11e0-8e81-0022190034c0	plone -- Remote Security Bypass Plone developer reports: This is an escalation of privileges attack that can be used by anonymous users to gain access to a Plone site's administration controls, view unpublished content, create new content and modify a site's skin. The sandbox protecting access to the underlying system is still in place, and it does not grant access to other applications running on the same Zope instance. Discovery 2011-02-02 Entry 2011-02-10 plone >= 2.5 lt 3 plone3 >= 3 le 3.3 46102 CVE-2011-0720 http://plone.org/products/plone/security/advisories/cve-2011-0720
6b3374d4-6b0b-11e5-9909-002590263bf5	plone -- multiple vulnerabilities Plone.org reports: Versions Affected: All current Plone versions. Versions Not Affected: None. Nature of vulnerability: Allows creation of members by anonymous users on sites that have self-registration enabled, allowing bypass of CAPTCHA and similar protections against scripted attacks. The patch can be added to buildouts as Products.PloneHotfix20150910 (available from PyPI) or downloaded from Plone.org. Immediate Measures You Should Take: Disable self-registration until you have applied the patch. Plone's URL checking infrastructure includes a method for checking if URLs valid and located in the Plone site. By passing HTML into this specially crafted url, XSS can be achieved. Discovery 2015-09-10 Entry 2015-10-05 plone < 4.3.7 ports/203255 https://plone.org/products/plone-hotfix/releases/20150910 https://plone.org/products/plone/security/advisories/20150910-announcement https://plone.org/security/20150910/non-persistent-xss-in-plone https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087

VuXML ID

Description

7c492ea2-3566-11e0-8e81-0022190034c0

plone -- Remote Security Bypass

Plone developer reports:

This is an escalation of privileges attack that can be used by anonymous users to gain access to a Plone site's administration controls, view unpublished content, create new content and modify a site's skin. The sandbox protecting access to the underlying system is still in place, and it does not grant access to other applications running on the same Zope instance.

Discovery 2011-02-02
Entry 2011-02-10
plone

>= 2.5 lt 3

plone3

>= 3 le 3.3

46102
CVE-2011-0720
http://plone.org/products/plone/security/advisories/cve-2011-0720

6b3374d4-6b0b-11e5-9909-002590263bf5

plone -- multiple vulnerabilities

Plone.org reports:

Versions Affected: All current Plone versions.

Versions Not Affected: None.

Nature of vulnerability: Allows creation of members by anonymous users on sites that have self-registration enabled, allowing bypass of CAPTCHA and similar protections against scripted attacks.

The patch can be added to buildouts as Products.PloneHotfix20150910 (available from PyPI) or downloaded from Plone.org.

Immediate Measures You Should Take: Disable self-registration until you have applied the patch.

Plone's URL checking infrastructure includes a method for checking if URLs valid and located in the Plone site. By passing HTML into this specially crafted url, XSS can be achieved.

Discovery 2015-09-10
Entry 2015-10-05
plone

< 4.3.7

ports/203255
https://plone.org/products/plone-hotfix/releases/20150910
https://plone.org/products/plone/security/advisories/20150910-announcement
https://plone.org/security/20150910/non-persistent-xss-in-plone
https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087