zope vulnerabilities and exploits
6.1
CVSSv3
CVE-2011-4924
Cross-site scripting (XSS) vulnerability in Zope 2.8.x prior to 2.8.12, 2.9.x prior to 2.9.12, 2.10.x prior to 2.10.11, 2.11.x prior to 2.11.6, and 2.12.x prior to 2.12.3, 3.1.1 up to and including 3.4.1 allows remote malicious users to inject arbitrary web script or HTML via ve...
Zope Zope
5.4
CVSSv3
CVE-2023-42458
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To expl...
Zope Zope
NA
CVE-2007-0240
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request.
Zope Zope
4.8
CVSSv3
CVE-2023-44389
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches w...
Zope Zope
8.8
CVSSv3
CVE-2021-32674
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available fo...
Zope Zope
NA
CVE-2002-0687
The "through the web code" capability for Zope 2.0 up to and including 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
Zope Zope
8.8
CVSSv3
CVE-2021-32633
Zope is an open-source web application server. In Zope versions before 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the...
Plone Plone
Zope Zope
6.1
CVSSv3
CVE-2021-33507
Zope Products.CMFCore prior to 2.5.1 and Products.PluggableAuthService prior to 2.6.2, as used in Plone up to and including 5.2.4 and other products, allow Reflected XSS.
Plone Plone
Zope Zope
9.9
CVSSv3
CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least gener...
Zope Restrictedpython
Zope Restrictedpython 6.0
7.7
CVSSv3
CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from...
Zope Restrictedpython