plone Cyber Security Vulnerability Stats and Metrics

NodeJS Server Vulnerability in Volto Frontend for Plone CMS

CVE-2025-58047

PloneVolto7.5HIGH

Plone v6.0.9 vulnerability allows remote attackers to view and list all files

CVE-2024-22889

PlonePlone7.5HIGH

Unauthenticated attackers can execute dangerous actions via HTTP PUT and DELETE methods

CVE-2024-23756

PlonePlone7.5HIGH

Remote Code Execution Vulnerability in Plone Docker Image

CVE-2024-23054

PlonePlone Docker Official ...9.8CRITICAL

Remote Code Execution in Plone Docker Official Image 5.2.13

CVE-2024-23055

PlonePlone Docker Official ...6.1MEDIUM

Cross-Frame Scripting (XFS) on Plone CMS

CVE-2024-0669

Plone CmsPlone Cms6.3MEDIUM

plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images

CVE-2023-41048

PlonePlone.namedfile3.7LOW

plone.rest vulnerable to Denial of Service when ++api++ is used many times

CVE-2023-42457

PlonePlone.rest7.5HIGH

Sensitive Information Exposure in Plone CMS

CVE-2021-33926

PlonePlone8.8HIGH

Cross-Site Scripting in Plone Site by User Profile Configuration

CVE-2017-1000482

PlonePlone5.4MEDIUM

Improper Authentication in Volto

CVE-2022-24740

PloneVolto5MEDIUM

Cross-site Scripting and Open Redirect in Products.ATContentTypes

CVE-2022-23599

PlonePlone6.1MEDIUM

URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal

CVE-2021-32806

PloneProducts.isurlinportal6.5MEDIUM

Cross-Site Scripting Vulnerability in Plone by Plone Foundation

CVE-2021-35959

PlonePlone5.4MEDIUM

Reflected Cross-Site Scripting Vulnerability in Plone by Zope Products

CVE-2021-33507

PlonePlone6.1MEDIUM

Stored Cross-Site Scripting in Plone Content Management System

CVE-2021-33508

PlonePlone5.4MEDIUM

Remote Code Execution Flaw in Plone CMS Affecting Authentication Managers

CVE-2021-33509

PlonePlone9.9CRITICAL

Server-Side Request Forgery Vulnerability in Plone by Plone Foundation

CVE-2021-33510

PlonePlone4.3MEDIUM

Server-side Request Forgery in Plone Affects Multiple Themes and Frameworks

CVE-2021-33511

PlonePlone7.5HIGH

Stored XSS Vulnerability in Plone by File Uploading SVG or HTML Files

CVE-2021-33512

PlonePlone5.4MEDIUM

Cross-Site Scripting Vulnerability in Plone by Plone Foundation

CVE-2021-33513

PlonePlone5.4MEDIUM

Stored Cross-Site Scripting Vulnerability in Plone CMS by Plone Foundation

CVE-2021-3313

PlonePlone5.4MEDIUM

Stored Cross-Site Scripting Issue in Plone CMS by Plone Foundation

CVE-2021-29002

PlonePlone5.4MEDIUM

XXE Attack Vulnerability in Plone by Plone Foundation

CVE-2020-28736

PlonePlone8.8HIGH

Server-Side Request Forgery Vulnerability in Plone by Plone Foundation

CVE-2020-28735

PlonePlone8.8HIGH

Vulnerability Published:

Sort By:

28 August 2025

NodeJS Server Vulnerability in Volto Frontend for Plone CMS

6 March 2024

Plone v6.0.9 vulnerability allows remote attackers to view and list all files

8 February 2024

Unauthenticated attackers can execute dangerous actions via HTTP PUT and DELETE methods

5 February 2024

Remote Code Execution Vulnerability in Plone Docker Image

25 January 2024

Remote Code Execution in Plone Docker Official Image 5.2.13

18 January 2024

Cross-Frame Scripting (XFS) on Plone CMS

21 September 2023

plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images

plone.rest vulnerable to Denial of Service when ++api++ is used many times

17 February 2023

Sensitive Information Exposure in Plone CMS

3 October 2022

Cross-Site Scripting in Plone Site by User Profile Configuration

14 March 2022

Improper Authentication in Volto

28 January 2022

Cross-site Scripting and Open Redirect in Products.ATContentTypes

2 August 2021

URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal

30 June 2021

Cross-Site Scripting Vulnerability in Plone by Plone Foundation

21 May 2021

Reflected Cross-Site Scripting Vulnerability in Plone by Zope Products

Stored Cross-Site Scripting in Plone Content Management System

Remote Code Execution Flaw in Plone CMS Affecting Authentication Managers

Server-Side Request Forgery Vulnerability in Plone by Plone Foundation

Server-side Request Forgery in Plone Affects Multiple Themes and Frameworks

Stored XSS Vulnerability in Plone by File Uploading SVG or HTML Files

Cross-Site Scripting Vulnerability in Plone by Plone Foundation

20 May 2021

Stored Cross-Site Scripting Vulnerability in Plone CMS by Plone Foundation

24 March 2021

Stored Cross-Site Scripting Issue in Plone CMS by Plone Foundation

30 December 2020

XXE Attack Vulnerability in Plone by Plone Foundation

Server-Side Request Forgery Vulnerability in Plone by Plone Foundation