Zope

36 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.34%
  • Published 04.10.2023 21:15:10
  • Last modified 21.11.2024 08:25:48

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and ...

Exploit
  • EPSS 0.23%
  • Published 21.09.2023 17:15:22
  • Last modified 21.11.2024 08:22:34

Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image co...

  • EPSS 0.24%
  • Published 06.09.2023 18:15:08
  • Last modified 21.11.2024 08:20:27

AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects...

  • EPSS 3.93%
  • Published 02.08.2021 22:15:08
  • Last modified 21.11.2024 06:07:47

Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope...

  • EPSS 0.8%
  • Published 08.06.2021 18:15:08
  • Last modified 21.11.2024 06:07:30

Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Pytho...

  • EPSS 0.29%
  • Published 21.05.2021 22:15:08
  • Last modified 21.11.2024 06:08:58

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.

Exploit
  • EPSS 0.94%
  • Published 21.05.2021 14:15:07
  • Last modified 21.11.2024 06:07:25

Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit...

  • EPSS 0.99%
  • Published 25.11.2019 18:15:11
  • Last modified 21.11.2024 01:33:18

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via ...

  • EPSS 0.53%
  • Published 07.08.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.

Exploit
  • EPSS 0.4%
  • Published 03.11.2014 22:55:05
  • Last modified 12.04.2025 10:46:40

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT fr...