Lucene search

GitHub Advisory DatabaseGHSA-V7Q8-WVVH-C97P

HistoryJul 23, 2018 - 7:51 p.m.

Moderate severity vulnerability that affects Zope2

2018-07-2319:51:28

CWE-79

GitHub Advisory Database

github.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

65.7%

JSON

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

Affected configurations

Vulners

Node

zope2Range2.12.0–2.12.3

zope2Range2.11.0–2.11.6

zope2Range2.10.0–2.10.11

zope2Range2.9.0–2.9.12

zope2Range2.8.0–2.8.12

VendorProductVersionCPE
*zope2*cpe:2.3:a:*:zope2:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	zope2	*	cpe:2.3:a::zope2::::::::*

References

secunia.com/advisories/38007

www.osvdb.org/61655

www.securityfocus.com/bid/37765

www.vupen.com/english/advisories/2010/0104

exchange.xforce.ibmcloud.com/vulnerabilities/55599

github.com/advisories/GHSA-v7q8-wvvh-c97p

mail.zope.org/pipermail/zope-announce/2010-January/002229.html

nvd.nist.gov/vuln/detail/CVE-2010-1104

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

65.7%

JSON

Related for GHSA-V7Q8-WVVH-C97P