
23 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-0096

Malware in sbrugna...

CVSS 6.1, AI score 6, EPSS 0.00491
Exploits 2, References 12
SUSE CVE
added 2023/02/15 6:14 a.m., 1 view

SUSE CVE-2006-4684

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458...

CVSS 5, AI score 7.1, EPSS 0.00785
Exploits 0, References 4
Github Security Blog
added 2022/05/14 2:45 a.m., 18 views

Plone vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1, AI score 5.8, EPSS 0.00491
Exploits 2, References 8, Affected Software 1
OSV
added 2018/07/23 7:52 p.m., 19 views

GHSA-879R-7F3W-8JJ3 Plone and Zope2 vulnerable to unauthorized access to restricted attributes

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors...

CVSS 7.1, AI score 6.2, EPSS 0.00575
Exploits 0, References 9
Github Security Blog
added 2018/07/23 7:52 p.m., 30 views

Plone and Zope2 vulnerable to unauthorized access to restricted attributes

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors...

CVSS 6.5, AI score 6.2, EPSS 0.00575
Exploits 0, References 9, Affected Software 2
OSV
added 2018/07/23 7:52 p.m., 18 views

GHSA-P6H9-HPCG-C6GM High severity vulnerability that affects Plone and Zope2

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability...

CVSS 7.5, AI score 6.3, EPSS 0.00593
Exploits 0, References 8
Github Security Blog
added 2018/07/23 7:52 p.m., 25 views

High severity vulnerability that affects Plone and Zope2

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability...

CVSS 7.5, AI score 6.4, EPSS 0.00593
Exploits 0, References 9, Affected Software 2
Github Security Blog
added 2018/07/23 7:51 p.m., 21 views

HTTP header injection in Plone and Zope2

ZPublisher.HTTPRequest.scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character...

CVSS 6.4, AI score 5.3, EPSS 0.00821
Exploits 0, References 12, Affected Software 2
OSV
added 2018/07/23 7:51 p.m., 14 views

GHSA-77HV-8796-8CCP HTTP header injection in Plone and Zope2

ZPublisher.HTTPRequest.scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character...

CVSS 8.7, AI score 6.1, EPSS 0.00821
Exploits 0, References 12
Github Security Blog
added 2018/07/23 7:51 p.m., 18 views

Moderate severity vulnerability that affects Zope2

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...

CVSS 4.3, AI score 4, EPSS 0.00522
Exploits 0, References 8, Affected Software 1
OSV
added 2018/07/23 7:51 p.m., 15 views

GHSA-V7Q8-WVVH-C97P Moderate severity vulnerability that affects Zope2

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...

CVSS 4.3, AI score 5.8, EPSS 0.00522
Exploits 0, References 8
OSV
added 2018/07/23 7:51 p.m., 17 views

GHSA-48VV-2PMQ-9FVV Plone and Zope2 do not reseed pseudo-random number generator

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability...

CVSS 8.7, AI score 6.1, EPSS 0.00403
Exploits 1, References 10
Github Security Blog
added 2018/07/23 7:51 p.m., 47 views

Plone and Zope2 affected by Race Condition

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...

CVSS 4.3, AI score 6.3, EPSS 0.00276
Exploits 0, References 9, Affected Software 2
OSV
added 2017/03/07 4:59 p.m., 15 views

CVE-2016-7140

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1, AI score 5.8
Exploits 0, References 7
NVD
added 2017/03/07 4:59 p.m., 15 views

CVE-2016-7140

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1, AI score 6.1, EPSS 0.00491
Exploits 2, References 7
Prion
added 2017/03/07 4:59 p.m., 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 6, EPSS 0.00491
Exploits 2, References 7, Affected Software 1
OSV
added 2017/03/07 4:59 p.m., 20 views

PYSEC-2017-63

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1, AI score 4.3, EPSS 0.00491
Exploits 2, References 7
Cvelist
added 2017/03/07 4:0 p.m., 20 views

CVE-2016-7140

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

AI score 6, EPSS 0.00491
Exploits 2, References 7
CVE
added 2017/03/07 4:0 p.m., 56 views

CVE-2016-7140

CVE-2016-7140 is a cross-site scripting (XSS) vulnerability in the ZMI page of Zope2 used by Plone CMS. The issue affects Plone versions 5.x up to 5.0.6, 4.x up to 4.3.11, and 3.3.x up to 3.3.6, enabling remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connecte...

CVSS 6.1, AI score 5.9, EPSS 0.00491
Exploits 2, References 7, Affected Software 1
RedhatCVE
added 2016/09/06 11:18 a.m., 26 views

CVE-2016-7140

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1, AI score 4.3, EPSS 0.00491
Exploits 2, References 2