Vulnerabilities > Zope > Zope

DATE CVE VULNERABILITY TITLE RISK
2023-10-04 CVE-2023-44389 Cross-site Scripting vulnerability in Zope
Zope is an open-source web application server.
network
low complexity
zope CWE-79
4.8
4.8
2023-09-21 CVE-2023-42458 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Zope
Zope is an open-source web application server.
network
low complexity
zope CWE-80
5.4
5.4
2023-09-06 CVE-2023-41050 Information Exposure vulnerability in Zope Accesscontrol
AccessControl provides a general security framework for use in Zope.
network
low complexity
zope CWE-200
7.7
7.7
2021-08-02 CVE-2021-32811 Unspecified vulnerability in Zope Accesscontrol and Zope
Zope is an open-source web application server.
network
low complexity
zope
7.2
7.2
2021-06-08 CVE-2021-32674 Path Traversal vulnerability in Zope
Zope is an open-source web application server.
network
low complexity
zope CWE-22
6.5
6.5
2021-05-21 CVE-2021-33507 Cross-site Scripting vulnerability in multiple products
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
network
plone zope CWE-79
4.3
4.3
2021-05-21 CVE-2021-32633 Path Traversal vulnerability in multiple products
Zope is an open-source web application server.
network
low complexity
plone zope CWE-22
6.5
6.5
2019-11-25 CVE-2011-4924 Cross-site Scripting vulnerability in Zope
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1.
network
zope CWE-79
4.3
4.3
2017-08-07 CVE-2009-5145 Cross-site Scripting vulnerability in Zope
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
network
zope CWE-79
4.3
4.3
2014-11-03 CVE-2012-6661 Cryptographic Issues vulnerability in multiple products
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors.
network
low complexity
plone zope CWE-310
5.0
5.0