Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12aDZnLTc4NmYtaHh4cM0_YA
Zope XSS Vulnerability
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104
Permalink: https://github.com/advisories/GHSA-vh6g-786f-hxxpJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12aDZnLTc4NmYtaHh4cM0_YA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 4 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-vh6g-786f-hxxp, CVE-2011-4924
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4924
- https://access.redhat.com/security/cve/cve-2011-4924
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924
- https://security-tracker.debian.org/tracker/CVE-2011-4924
- http://www.openwall.com/lists/oss-security/2012/01/19/16
- http://www.openwall.com/lists/oss-security/2012/01/19/17
- http://www.openwall.com/lists/oss-security/2012/01/19/18
- http://www.openwall.com/lists/oss-security/2012/01/19/19
- https://github.com/zopefoundation/Zope/commit/37e4ea774acc668f6b430a45a6ab1e359710f590
- https://github.com/zopefoundation/Zope/commit/a0655194cb39ad88ce3323a3e489927c5f979c44
- https://github.com/advisories/GHSA-vh6g-786f-hxxp
Blast Radius: 12.5
Affected Packages
pypi:zope2
Dependent packages: 9Dependent repositories: 4
Downloads: 6,317 last month
Affected Version Ranges: >= 2.13.0a1, < 2.13.12, < 2.12.22
Fixed in: 2.13.12, 2.12.22
All affected versions: 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.12.8, 2.12.9, 2.12.10, 2.12.11, 2.12.12, 2.12.13, 2.12.14, 2.12.15, 2.12.16, 2.12.17, 2.12.18, 2.12.19, 2.12.20, 2.12.21, 2.13.0, 2.13.0-a1, 2.13.0-a2, 2.13.0-a3, 2.13.0-a4, 2.13.0-b1, 2.13.0-c1, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.13.5, 2.13.6, 2.13.7, 2.13.8, 2.13.9, 2.13.10, 2.13.11
All unaffected versions: 2.12.22, 2.12.23, 2.12.24, 2.12.25, 2.12.26, 2.12.27, 2.12.28, 2.13.12, 2.13.13, 2.13.14, 2.13.15, 2.13.16, 2.13.17, 2.13.18, 2.13.19, 2.13.20, 2.13.21, 2.13.22, 2.13.23, 2.13.24, 2.13.25, 2.13.26, 2.13.27, 2.13.28, 2.13.29, 2.13.30
pypi:zope
Dependent packages: 11Dependent repositories: 113
Downloads: 46,535 last month
Affected Version Ranges: >= 3.1.1, < 3.7.3
Fixed in: 3.7.3
All affected versions:
All unaffected versions: 4.1.1, 4.1.2, 4.1.3, 4.2.1, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.6.1, 4.6.2, 4.6.3, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.8.6, 4.8.7, 4.8.8, 4.8.9, 4.8.10, 4.8.11, 5.1.1, 5.1.2, 5.2.1, 5.5.1, 5.5.2, 5.7.1, 5.7.2, 5.7.3, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5, 5.8.6