Vulnerabilities > Zope > Zope > 2.7.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-21 | CVE-2023-42458 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Zope. Zope is an open-source web application server. | 5.4 |
2023-09-06 | CVE-2023-41050 | Information Exposure vulnerability in Zope Accesscontrol. AccessControl provides a general security framework for use in Zope. | 7.7 |
2021-06-08 | CVE-2021-32674 | Path Traversal vulnerability in Zope. Zope is an open-source web application server. | 6.5 |
2021-05-21 | CVE-2021-32633 | Path Traversal vulnerability in multiple products. Zope is an open-source web application server. | 6.5 |
2014-11-03 | CVE-2012-6661 | Cryptographic Issues vulnerability in multiple products. Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. | 5.0 |
2014-09-30 | CVE-2012-5507 | Race Condition vulnerability in multiple products. AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. | 4.3 |
2014-09-30 | CVE-2012-5489 | Permissions, Privileges, and Access Controls vulnerability in multiple products. The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. | 6.5 |
2008-11-17 | CVE-2008-5102 | Resource Management Errors vulnerability in Zope. PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements. | 4.0 |
2007-03-22 | CVE-2007-0240 | HTML Injection vulnerability in Zope HTTP Get Request. Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. | 4.3 |
2006-09-19 | CVE-2006-4684 | Information Disclosure vulnerability in Zope CSV_Table. The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. | 5.0 |