Every CVE whose affected-product data names Plone Plone Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2008-1393 — CVSS 10.0 (critical): Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the…
CVE-2008-1394 — CVSS 7.5 (high): Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it…
CVE-2008-1395 — CVSS 7.5 (high): Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier…
CVE-2008-0164 — CVSS 4.3 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary…
CVE-2008-1396 — CVSS 4.3 (medium): Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie…