Plone

plone

Vendor: Plone • 103 CVEs

CVEs (103)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-4249 1Plone 1Plone Apr 23, 2026 Dec 7, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."
CVE-2006-4247 1Plone 1Plone Apr 23, 2026 Sep 29, 2006 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."
CVE-2006-1711 1Plone 1Plone Apr 16, 2026 Apr 11, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.