Search for packages
| purl | pkg:pypi/plone@5.2.7 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-cswj-8xmm-xfgx
Aliases: CVE-2024-22889 GHSA-xg5p-8wg5-rhxm |
Phone information disclosure vulnerability Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request. |
Affected by 0 other vulnerabilities. |
|
VCID-r7v2-vxck-fba7
Aliases: CVE-2024-0669 GHSA-5xfx-55x4-j223 |
Improper Restriction of Rendered UI Layers or Frames A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-01T07:55:04.100140+00:00 | GitLab Importer | Affected by | VCID-cswj-8xmm-xfgx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2024-22889.yml | 38.6.0 |
| 2026-06-01T07:48:38.038016+00:00 | GitLab Importer | Affected by | VCID-r7v2-vxck-fba7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2024-0669.yml | 38.6.0 |