19 matches found
EUVD-2017-0084
Malware in sbrugna...
CVE-2023-44389
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...
Cross-Site Scripting (XSS)
Zope is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper user-input sanitization in the title property. This can allow an attacker to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI)...
PYSEC-2023-193
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...
Zope Cross-Site Scripting Vulnerability
Zope is a set of object-oriented, open source web application servers written in Python by the Zope community. Zope contains a stored cross-site scripting (XSS) vulnerability in the title attribute of the Zope Management Interface...
GHSA-P3QM-44CF-F8QX Plone vulnerable to cross-site request forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the manage_tabs_message in ZMI pages. An attacker can manipulate web content or hijack user sessions. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a...
Zope Management Interface and Plone Cross-Site Request Forgery Vulnerabilities
Plone is a free and open source content management system (CMS) from the United States Plone Foundation, built on the application server Zope. Zope Management Interface (ZMI) is one of the management interfaces. A cross-site request forgery vulnerability exists in Zope Management Interface versions...
Cross-Site Request Forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x...
PYSEC-2017-51
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x...
PYSEC-2017-51
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x...
CVE-2015-7293
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x...
CVE-2015-7293
The CVE concerns multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface (ZMI) 4.3.7 and earlier, and Plone before 5.x. The affected component is the ZMI/Plone web interfaces built on Zope, with the root cause being CSRF weaknesses that could allow unauthorized act...
CVE-2015-7293
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x...
Plone 5.0.5 Cross Site Scripting
Security Advisory - Curesec Research Team. 1. Introduction. Affected Product: Plone 5.0.5; Fixed in: Hotfix 20170117; Fixed Version Link: https://plone.org/security/hotfix/20170117; Vendor Contact: [email protected]; Vulnerability Type: XSS; Remote Exploitable: Yes; Reported to vendor: 09/05/2016...
UBUNTU-CVE-2016-7147
Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter...
Plone Zope Management (ZMI) Reflective Cross-Site Scripting Vulnerability
Plone is a free, open source Content Management System (CMS). A reflected cross-site scripting vulnerability exists in Plone Zope Management (ZMI), where the ZMI page of Zope2 does not properly escape user input in many places...
Zope Management Interface CSRF vulnerabilities
Credits: hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt; Vendor: www.zope.org, plone.org; Product: Zope Management Interface 4.3.7. Zope is a Python-based application...
Zope Management Interface 4.3.7 - Cross-Site Request Forgery
Zope Management Interface 4.3.7 - Cross-Site Request Forgery. Credits: hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt; Vendor: www.zope.org, plone.org; Product: Zop...