Vulnerabilities > Zope
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-08 | CVE-2021-32674 | Path Traversal vulnerability in Zope Zope is an open-source web application server. | 6.5 |
| 2021-05-21 | CVE-2021-33507 | Cross-site Scripting vulnerability in multiple products Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. | 4.3 |
| 2021-05-21 | CVE-2021-32633 | Path Traversal vulnerability in multiple products Zope is an open-source web application server. | 6.5 |
| 2021-03-09 | CVE-2021-21360 | Information Exposure vulnerability in Zope Products.Genericsetup Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. | 5.0 |
| 2021-03-08 | CVE-2021-21337 | Open Redirect vulnerability in Zope Products.Pluggableauthservice Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. | 5.8 |
| 2021-03-08 | CVE-2021-21336 | Information Exposure vulnerability in multiple products Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. | 4.0 |
| 2019-11-25 | CVE-2011-4924 | Cross-site Scripting vulnerability in Zope Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. | 4.3 |
| 2017-09-25 | CVE-2015-7293 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | 6.8 |
| 2017-08-07 | CVE-2009-5145 | Cross-site Scripting vulnerability in Zope Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. | 4.3 |
| 2014-11-03 | CVE-2012-6661 | Cryptographic Issues vulnerability in multiple products Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. | 5.0 |