26 matches found
EUVD-2020-0146
Malware in sbrugna...
EUVD-2001-0560
Malware in sbrugna...
EUVD-2014-0067
Malware in sbrugna...
EUVD-2014-0069
Malware in sbrugna...
EUVD-2001-1259
Malware in sbrugna...
EUVD-2001-1208
Malware in sbrugna...
EUVD-2022-1701
Malicious code in bioql PyPI...
EUVD-2023-2467
Malicious code in bioql PyPI...
EUVD-2022-1752
Malicious code in bioql PyPI...
CVE-2023-44389
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...
CVE-2021-32674
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL...
CVE-2021-32807
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
Linux Distros Unpatched Vulnerability : CVE-2013-7062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7,...
GHSA-5R4X-QC7Q-VJ27 Zope Cross-site scripting (XSS) vulnerability in ZMI pages
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...
GHSA-JCJP-QQPQ-PC54 Zope allows local users to read arbitrary files
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files...
Zope < 2.11.3 PythonScript Handling DoS
Binary data 4749.prm...
CVE-2002-0687
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers...
CVE-2001-1227
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags...
CVE-2001-1278
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags...