13 matches found
Cross-Site Scripting (XSS)
Zope 2 is vulnerable to cross-site scripting (XSS). The vulnerability is due to an incomplete fix of CVE-2010-1104, which fails to sanitize the default standard error message errormessage parameter, allowing an attacker to inject an arbitrary script through it...
CVE-2009-5145
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...
CVE-2012-5486
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character...
PYSEC-2014-73
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character...
CVE-2012-5486
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character...
CVE-2012-5486
CVE-2012-5486 - HP: ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19 (used in Plone before 4.3 beta 1) allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. Affected components: Zope 2 series up to 2.13.18; Plone deployments including the Plone before...
Zope 2.x Incorrect XML-RPC Request Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5806/info A vulnerability has been reported for Zope 2.5.1 and earlier. Reportedly, Zope does not handle XML-RPC requests properly. Specially crafted XML-RPC requests may cause Zope to respond to a request with an error...
CVE-2010-1104
CVE-2010-1104 is an XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3. The issue arises from how error messages are sanitized, allowing remote attackers to inject arbitrary web script or HTML via those error...
CVE-2008-5102
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements...
Code injection
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements...
CVE-2008-5102
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements...
CVE-2008-5102
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements...
CVE-2008-5102
CVE-2008-5102 concerns Zope 2.x up to version 2.11.2, where PythonScripts can be abused by remote authenticated users to cause a denial of service through certain raise or import statements. The OpenVAS entries refer to a Zope 2.11.2 DoS vulnerability and note a vendor fix as the remediation. The...