6 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the managetabsmessage in ZMI pages. An attacker can manipulate web content or hijack user sessions. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a...
PYSEC-2017-148
Cross-site scripting XSS vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...
PYSEC-2017-148
Cross-site scripting XSS vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...
ZMS v3.2 CMS - Client Side Cross Site Web Vulnerabilities
Document Title: =============== ZMS v3.2 CMS - Client Side Cross Site Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1890 Release Date: ============= 2016-07-28 Vulnerability Laboratory ID VL-ID: ====================================...
ZMS v3.2 CMS - Client Side Cross Site Web Vulnerabilities
Document Title: =============== ZMS v3.2 CMS - Client Side Cross Site Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1890 Release Date: ============= 2016-07-27 Vulnerability Laboratory ID VL-ID: ====================================...
Zope 'manage_tabs_message' parameter cross-site scripting vulnerability
Zope is an open source web application server. A cross-site scripting vulnerability exists in the Zope 'managetabsmessage' parameter due to the program failing to properly filter user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code or steal cookie-bas...