Browse all 7 CVE security advisories affecting Plone. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Plone serves as a content management system for organizations requiring secure, accessible web publishing. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and misconfigurations. While generally considered secure due to its Python-based architecture and regular security updates, Plone has had notable incidents including CVE-2021-42237, an RCE vulnerability in its REST API, and CVE-2022-24963, an XSS issue in its TinyMCE editor. The platform's security model emphasizes role-based access control and regular security audits, though its complexity can introduce potential misconfiguration risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28413 | Products.isurlinportal: Possible open redirect when using more than 2 forward slashes — Products.isurlinportal (CWE-601) | 5.3 | Medium | 2026-03-05 |
| CVE-2021-32806 | URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal — Products.isurlinportal (CWE-601) | 6.5 | Medium | 2021-08-02 |
This page lists every published CVE security advisory associated with Plone. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.