Search criteria
6 vulnerabilities by plone
CVE-2025-61668 (GCVE-0-2025-61668)
Vulnerability from cvelistv5 – Published: 2025-10-02 21:46 – Updated: 2025-10-03 13:37
VLAI?
Title
@plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Summary
Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:37:13.125666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:37:25.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "volto",
"vendor": "plone",
"versions": [
{
"status": "affected",
"version": "\u003c 16.34.1"
},
{
"status": "affected",
"version": "\u003e= 17.0.0, \u003c 17.22.2"
},
{
"status": "affected",
"version": "\u003e= 18.0.0, \u003c 18.27.2"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-alpha.1, \u003c 19.0.0-alpha.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T21:46:32.975Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/plone/volto/security/advisories/GHSA-m8rj-ppph-mj33",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plone/volto/security/advisories/GHSA-m8rj-ppph-mj33"
},
{
"name": "https://github.com/plone/volto/pull/7412",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/pull/7412"
},
{
"name": "https://github.com/plone/volto/pull/7413",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/pull/7413"
},
{
"name": "https://github.com/plone/volto/commit/58d9f82d2d50ca9a87edbe16fed91762e57c109c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/commit/58d9f82d2d50ca9a87edbe16fed91762e57c109c"
},
{
"name": "https://github.com/plone/volto/releases/tag/16.34.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/16.34.1"
},
{
"name": "https://github.com/plone/volto/releases/tag/17.22.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/17.22.2"
},
{
"name": "https://github.com/plone/volto/releases/tag/19.0.0-alpha.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/19.0.0-alpha.6"
},
{
"name": "http://github.com/plone/volto/releases/tag/18.27.2",
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/plone/volto/releases/tag/18.27.2"
}
],
"source": {
"advisory": "GHSA-m8rj-ppph-mj33",
"discovery": "UNKNOWN"
},
"title": "@plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61668",
"datePublished": "2025-10-02T21:46:32.975Z",
"dateReserved": "2025-09-29T20:25:16.180Z",
"dateUpdated": "2025-10-03T13:37:25.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58047 (GCVE-0-2025-58047)
Vulnerability from cvelistv5 – Published: 2025-08-28 17:10 – Updated: 2025-11-04 21:13
VLAI?
Title
Volto affected by possible DoS by invoking specific URL by anonymous user
Summary
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.
Severity ?
7.5 (High)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T18:35:47.223133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:35:51.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:13:20.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/28/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "volto",
"vendor": "plone",
"versions": [
{
"status": "affected",
"version": "\u003c 16.34.0"
},
{
"status": "affected",
"version": "\u003e= 17.0.0, \u003c 17.22.1"
},
{
"status": "affected",
"version": "\u003e= 18.0.0, \u003c 18.24.0"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-alpha.1, \u003c 19.0.0-alpha.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:10:58.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5"
},
{
"name": "https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a"
},
{
"name": "https://github.com/plone/volto/releases/tag/16.34.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/16.34.0"
},
{
"name": "https://github.com/plone/volto/releases/tag/17.22.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/17.22.1"
},
{
"name": "https://github.com/plone/volto/releases/tag/18.24.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/18.24.0"
},
{
"name": "https://github.com/plone/volto/releases/tag/19.0.0-alpha.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/19.0.0-alpha.4"
}
],
"source": {
"advisory": "GHSA-xjhf-7833-3pm5",
"discovery": "UNKNOWN"
},
"title": "Volto affected by possible DoS by invoking specific URL by anonymous user"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58047",
"datePublished": "2025-08-28T17:10:58.381Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-11-04T21:13:20.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-42457 (GCVE-0-2023-42457)
Vulnerability from cvelistv5 – Published: 2023-09-21 14:49 – Updated: 2025-02-13 17:09
VLAI?
Title
plone.rest vulnerable to Denial of Service when ++api++ is used many times
Summary
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache).
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| plone | plone.rest |
Affected:
>= 2.0.0a1, < 2.0.1
Affected: = 3.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:38.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/plone/plone.rest/security/advisories/GHSA-h6rp-mprm-xgcq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/plone/plone.rest/security/advisories/GHSA-h6rp-mprm-xgcq"
},
{
"name": "https://github.com/plone/plone.rest/commit/43b4a7e86206e237e1de5ca3817ed071575882f7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/plone/plone.rest/commit/43b4a7e86206e237e1de5ca3817ed071575882f7"
},
{
"name": "https://github.com/plone/plone.rest/commit/77846a9842889b24f35e8bedc2e9d461388d3302",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/plone/plone.rest/commit/77846a9842889b24f35e8bedc2e9d461388d3302"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:13:25.908320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:13:36.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "plone.rest",
"vendor": "plone",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0a1, \u003c 2.0.1"
},
{
"status": "affected",
"version": "= 3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one\u0027s frontend web server (nginx, Apache)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T14:06:16.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/plone/plone.rest/security/advisories/GHSA-h6rp-mprm-xgcq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plone/plone.rest/security/advisories/GHSA-h6rp-mprm-xgcq"
},
{
"name": "https://github.com/plone/plone.rest/commit/43b4a7e86206e237e1de5ca3817ed071575882f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/plone.rest/commit/43b4a7e86206e237e1de5ca3817ed071575882f7"
},
{
"name": "https://github.com/plone/plone.rest/commit/77846a9842889b24f35e8bedc2e9d461388d3302",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/plone.rest/commit/77846a9842889b24f35e8bedc2e9d461388d3302"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/2"
}
],
"source": {
"advisory": "GHSA-h6rp-mprm-xgcq",
"discovery": "UNKNOWN"
},
"title": "plone.rest vulnerable to Denial of Service when ++api++ is used many times"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42457",
"datePublished": "2023-09-21T14:49:32.123Z",
"dateReserved": "2023-09-08T20:57:45.574Z",
"dateUpdated": "2025-02-13T17:09:22.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41048 (GCVE-0-2023-41048)
Vulnerability from cvelistv5 – Published: 2023-09-21 14:31 – Updated: 2025-02-13 17:08
VLAI?
Title
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Summary
plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| plone | plone.namedfile |
Affected:
< 5.6.1
Affected: >= 6.0.0, < 6.0.3 Affected: >= 6.1.0, < 6.1.3 Affected: >= 6.2.0, < 6.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x"
},
{
"name": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167"
},
{
"name": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a"
},
{
"name": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9"
},
{
"name": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60"
},
{
"name": "https://github.com/plone/Products.PloneHotfix20210518",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/plone/Products.PloneHotfix20210518"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:29:03.914839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:50:58.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "plone.namedfile",
"vendor": "plone",
"versions": [
{
"status": "affected",
"version": "\u003c 5.6.1"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.3"
},
{
"status": "affected",
"version": "\u003e= 6.1.0, \u003c 6.1.3"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T14:06:17.651Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x"
},
{
"name": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167"
},
{
"name": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a"
},
{
"name": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9"
},
{
"name": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60"
},
{
"name": "https://github.com/plone/Products.PloneHotfix20210518",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/Products.PloneHotfix20210518"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/2"
}
],
"source": {
"advisory": "GHSA-jj7c-jrv4-c65x",
"discovery": "UNKNOWN"
},
"title": "plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41048",
"datePublished": "2023-09-21T14:31:07.171Z",
"dateReserved": "2023-08-22T16:57:23.933Z",
"dateUpdated": "2025-02-13T17:08:47.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24740 (GCVE-0-2022-24740)
Vulnerability from cvelistv5 – Published: 2022-03-14 22:15 – Updated: 2025-04-23 18:54
VLAI?
Title
Improper Authentication in Volto
Summary
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and privileges. This occurs when using an outdated version of the `react-cookie` library and a server is under high load. A proof of concept does not currently exist, but it is possible for this issue to occur in the wild. The patch and fix is present in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library.
Severity ?
5 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/plone/volto/security/advisories/GHSA-cfhh-xgwq-5r67"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/plone/volto/pull/3051"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:09:02.469984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:54:04.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "volto",
"vendor": "plone",
"versions": [
{
"status": "affected",
"version": "\u003e= 14.0.0-alpha.5, \u003c 15.0.0-alpha.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user\u0027s account and privileges. This occurs when using an outdated version of the `react-cookie` library and a server is under high load. A proof of concept does not currently exist, but it is possible for this issue to occur in the wild. The patch and fix is present in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T22:15:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plone/volto/security/advisories/GHSA-cfhh-xgwq-5r67"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/pull/3051"
}
],
"source": {
"advisory": "GHSA-cfhh-xgwq-5r67",
"discovery": "UNKNOWN"
},
"title": "Improper Authentication in Volto",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24740",
"STATE": "PUBLIC",
"TITLE": "Improper Authentication in Volto"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "volto",
"version": {
"version_data": [
{
"version_value": "\u003e= 14.0.0-alpha.5, \u003c 15.0.0-alpha.0"
}
]
}
}
]
},
"vendor_name": "plone"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user\u0027s account and privileges. This occurs when using an outdated version of the `react-cookie` library and a server is under high load. A proof of concept does not currently exist, but it is possible for this issue to occur in the wild. The patch and fix is present in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/plone/volto/security/advisories/GHSA-cfhh-xgwq-5r67",
"refsource": "CONFIRM",
"url": "https://github.com/plone/volto/security/advisories/GHSA-cfhh-xgwq-5r67"
},
{
"name": "https://github.com/plone/volto/pull/3051",
"refsource": "MISC",
"url": "https://github.com/plone/volto/pull/3051"
}
]
},
"source": {
"advisory": "GHSA-cfhh-xgwq-5r67",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24740",
"datePublished": "2022-03-14T22:15:13.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:54:04.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32806 (GCVE-0-2021-32806)
Vulnerability from cvelistv5 – Published: 2021-08-02 18:25 – Updated: 2024-08-03 23:33
VLAI?
Title
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
Summary
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a url. A url like `https://example.org` is not in the portal. The url `https:example.org` without slashes is considered to be in the portal. When redirecting, some browsers go to `https://example.org`, others give an error. Attackers may use this to redirect victims to their site, especially as part of a phishing attack. The problem has been patched in Products.isurlinportal 1.2.0.
Severity ?
6.5 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| plone | Products.isurlinportal |
Affected:
< 1.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/plone/Products.isurlinportal/security/advisories/GHSA-q3m9-9fj2-mfwr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/plone/Products.isurlinportal/commit/d4fd34990d18adf05a10dc5e2bb4b066798280ba"
},
{
"name": "JVN#50804280",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN50804280/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Products.isurlinportal",
"vendor": "plone",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the \u0027is url in portal\u0027 check for security, mostly to see if it is safe to redirect to a url. A url like `https://example.org` is not in the portal. The url `https:example.org` without slashes is considered to be in the portal. When redirecting, some browsers go to `https://example.org`, others give an error. Attackers may use this to redirect victims to their site, especially as part of a phishing attack. The problem has been patched in Products.isurlinportal 1.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-12T04:06:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plone/Products.isurlinportal/security/advisories/GHSA-q3m9-9fj2-mfwr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/Products.isurlinportal/commit/d4fd34990d18adf05a10dc5e2bb4b066798280ba"
},
{
"name": "JVN#50804280",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN50804280/index.html"
}
],
"source": {
"advisory": "GHSA-q3m9-9fj2-mfwr",
"discovery": "UNKNOWN"
},
"title": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) in Products.isurlinportal",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32806",
"STATE": "PUBLIC",
"TITLE": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) in Products.isurlinportal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Products.isurlinportal",
"version": {
"version_data": [
{
"version_value": "\u003c 1.2.0"
}
]
}
}
]
},
"vendor_name": "plone"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the \u0027is url in portal\u0027 check for security, mostly to see if it is safe to redirect to a url. A url like `https://example.org` is not in the portal. The url `https:example.org` without slashes is considered to be in the portal. When redirecting, some browsers go to `https://example.org`, others give an error. Attackers may use this to redirect victims to their site, especially as part of a phishing attack. The problem has been patched in Products.isurlinportal 1.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/plone/Products.isurlinportal/security/advisories/GHSA-q3m9-9fj2-mfwr",
"refsource": "CONFIRM",
"url": "https://github.com/plone/Products.isurlinportal/security/advisories/GHSA-q3m9-9fj2-mfwr"
},
{
"name": "https://github.com/plone/Products.isurlinportal/commit/d4fd34990d18adf05a10dc5e2bb4b066798280ba",
"refsource": "MISC",
"url": "https://github.com/plone/Products.isurlinportal/commit/d4fd34990d18adf05a10dc5e2bb4b066798280ba"
},
{
"name": "JVN#50804280",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN50804280/index.html"
}
]
},
"source": {
"advisory": "GHSA-q3m9-9fj2-mfwr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32806",
"datePublished": "2021-08-02T18:25:11.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:55.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}