CVE-2023-42458 – Zope vulnerable to Stored Cross Site Scripting with SVG images
https://notcve.org/view.php?id=CVE-2023-42458
21 Sep 2023 — Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. • http://www.openwall.com/lists/oss-security/2023/09/22/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2023-41050 – Information disclosure through Python's "format" functionality in Zope AccessControl
https://notcve.org/view.php?id=CVE-2023-41050
06 Sep 2023 — AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a saf... • https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-32674 – Remote Code Execution via traversal in TAL expressions
https://notcve.org/view.php?id=CVE-2021-32674
08 Jun 2021 — Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for use in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly... • https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-33507
https://notcve.org/view.php?id=CVE-2021-33507
21 May 2021 — Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. • http://www.openwall.com/lists/oss-security/2021/05/22/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-32633 – Remote Code Execution via traversal in TAL expressions
https://notcve.org/view.php?id=CVE-2021-32633
21 May 2021 — Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict add... • http://www.openwall.com/lists/oss-security/2021/05/21/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2012-6661
https://notcve.org/view.php?id=CVE-2012-6661
03 Nov 2014 — Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2). • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-310: Cryptographic Issues •
CVE-2012-5489
https://notcve.org/view.php?id=CVE-2012-5489
30 Sep 2014 — The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5102 – Zope 2.11.2 - PythonScript Multiple Remote Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-5102
17 Nov 2008 — PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements. • https://www.exploit-db.com/exploits/32581 • CWE-399: Resource Management Errors •
CVE-2007-0240
https://notcve.org/view.php?id=CVE-2007-0240
22 Mar 2007 — Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request. • http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html •
CVE-2002-0687
https://notcve.org/view.php?id=CVE-2002-0687
23 Jul 2002 — The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. • http://www.iss.net/security_center/static/9621.php •