Lucene search

GoogleOSV:GHSA-V7Q8-WVVH-C97P

HistoryJul 23, 2018 - 7:51 p.m.

Moderate severity vulnerability that affects Zope2

2018-07-2319:51:28

Google

osv.dev

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

64.9%

JSON

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

CPENameOperatorVersion
zope2eq2.12.1
zope2eq2.12.0
zope2eq2.12.2

Name	Operator	Version
zope2	eq	2.12.1
zope2	eq	2.12.0
zope2	eq	2.12.2

References

secunia.com/advisories/38007

www.osvdb.org/61655

www.securityfocus.com/bid/37765

www.vupen.com/english/advisories/2010/0104

exchange.xforce.ibmcloud.com/vulnerabilities/55599

github.com/advisories/GHSA-v7q8-wvvh-c97p

mail.zope.org/pipermail/zope-announce/2010-January/002229.html

nvd.nist.gov/vuln/detail/CVE-2010-1104

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

64.9%

JSON

Related for OSV:GHSA-V7Q8-WVVH-C97P