CVE-2010-1104 zope2

Package

Manager: pip
Name: zope2
Vulnerable Version: >=2.8.0 <2.8.12 || >=2.9.0 <2.9.12 || >=2.10.0 <2.10.11 || >=2.11.0 <2.11.6 || >=2.12.0 <2.12.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00443 (percentile: 0.62435)

Details

Moderate severity vulnerability that affects Zope2.

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

Metadata

Created: 2018-07-23T19:51:28Z
Modified: 2020-06-16T21:57:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-v7q8-wvvh-c97p/GHSA-v7q8-wvvh-c97p.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-v7q8-wvvh-c97p
Finding: F008
Auto approve: 1