CVE-2011-4924 – zope2
Package
Manager: pip
Name: zope2
Vulnerable Version: >=0 <2.12.22 || >=2.13.0a1 <2.13.12
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0099 (percentile 0.76022)
Details
Zope XSS Vulnerability
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104.
Metadata
Created: 2022-04-22T00:24:16Z
Modified: 2024-01-15T17:29:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-vh6g-786f-hxxp/GHSA-vh6g-786f-hxxp.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-vh6g-786f-hxxp
Finding: F008
Auto approve: 1