Vulnerabilities > Zope

DATE | CVE | VULNERABILITY TITLE | RISK

2021-07-01 | CVE-2021-36089 | Out-Of-Bounds Write vulnerability in Zope Grok | 6.8
Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).
network | zope | CWE-787

2021-06-08 | CVE-2021-32674 | Path Traversal vulnerability in Zope | 6.5
Zope is an open-source web application server.
network, low complexity | zope | CWE-22

2021-05-21 | CVE-2021-33507 | Cross-Site Scripting vulnerability in multiple products | 4.3
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
network | plone zope | CWE-79

2021-05-21 | CVE-2021-32633 | Path Traversal vulnerability in multiple products | 6.5
Zope is an open-source web application server.
network, low complexity | plone zope | CWE-22

2021-03-09 | CVE-2021-21360 | Information Exposure vulnerability in Zope Products.Genericsetup | 5.0
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts.
network, low complexity | zope | CWE-200

2021-03-08 | CVE-2021-21337 | Open Redirect vulnerability in Zope Products.Pluggableauthservice | 5.8
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework.
network | zope | CWE-601

2021-03-08 | CVE-2021-21336 | Information Exposure vulnerability in Zope Products.Pluggableauthservice | 4.0
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework.
network, low complexity | zope | CWE-200

2019-11-25 | CVE-2011-4924 | Cross-Site Scripting vulnerability in Zope | 4.3
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1.
network | zope | CWE-79

2017-09-25 | CVE-2015-7293 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
network | plone zope | CWE-352

2017-08-07 | CVE-2009-5145 | Cross-Site Scripting vulnerability in Zope | 4.3
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
network | zope | CWE-79