Vulnerabilities > Zope > Zope > 2.11.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-21 | CVE-2023-42458 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Zope. Zope is an open-source web application server. | 5.4 |
2023-09-06 | CVE-2023-41050 | Information Exposure vulnerability in Zope Accesscontrol. AccessControl provides a general security framework for use in Zope. | 7.7 |
2021-06-08 | CVE-2021-32674 | Path Traversal vulnerability in Zope. Zope is an open-source web application server. | 6.5 |
2021-05-21 | CVE-2021-32633 | Path Traversal vulnerability in multiple products. Zope is an open-source web application server. | 6.5 |
2019-11-25 | CVE-2011-4924 | Cross-site Scripting vulnerability in Zope. Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. | 4.3 |
2014-11-03 | CVE-2012-6661 | Cryptographic Issues vulnerability in multiple products. Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. | 5.0 |
2014-09-30 | CVE-2012-5507 | Race Condition vulnerability in multiple products. AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. | 4.3 |
2014-09-30 | CVE-2012-5489 | Permissions, Privileges, and Access Controls vulnerability in multiple products. The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. | 6.5 |
2010-09-08 | CVE-2010-3198 | Denial Of Service vulnerability in Zope. ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions. | 4.3 |
2010-03-25 | CVE-2010-1104 | Cross-Site Scripting vulnerability in Zope. Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | 4.3 |