CVE-2023-44389
- EPSS 0.34%
- Published 04.10.2023 21:15:10
- Last modified 21.11.2024 08:25:48
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and ...
CVE-2023-42458
- EPSS 0.23%
- Published 21.09.2023 17:15:22
- Last modified 21.11.2024 08:22:34
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image co...
CVE-2023-41050
- EPSS 0.24%
- Published 06.09.2023 18:15:08
- Last modified 21.11.2024 08:20:27
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects...
CVE-2021-32811
- EPSS 3.93%
- Published 02.08.2021 22:15:08
- Last modified 21.11.2024 06:07:47
Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope...
CVE-2021-32674
- EPSS 0.8%
- Published 08.06.2021 18:15:08
- Last modified 21.11.2024 06:07:30
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Pytho...
CVE-2021-33507
- EPSS 0.29%
- Published 21.05.2021 22:15:08
- Last modified 21.11.2024 06:08:58
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
CVE-2021-32633
- EPSS 0.94%
- Published 21.05.2021 14:15:07
- Last modified 21.11.2024 06:07:25
Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit...
CVE-2011-4924
- EPSS 0.99%
- Published 25.11.2019 18:15:11
- Last modified 21.11.2024 01:33:18
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via ...
CVE-2009-5145
- EPSS 0.53%
- Published 07.08.2017 17:29:00
- Last modified 20.04.2025 01:37:25
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
- EPSS 0.4%
- Published 03.11.2014 22:55:05
- Last modified 12.04.2025 10:46:40
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT fr...