CVSS: 7.5EPSS: 0%CPEs: 78EXPL: 0CVE-2011-2528
https://notcve.org/view.php?id=CVE-2011-2528
19 Jul 2011 — Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720. Vulnerabilidad no especificada en (1) Zope v2.12.x antes de v2.12.19 y v2.13.x antes de v2.13.8, como la utilizada en Plone v4.x y otros productos, y (2) Plon... • http://plone.org/products/plone-hotfix/releases/20110622 •
CVSS: 4.3EPSS: 0%CPEs: 64EXPL: 0CVE-2010-1104 – zope: XSS on error page
https://notcve.org/view.php?id=CVE-2010-1104
25 Mar 2010 — Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Zope v2.8.x antes de v2.8.12, v2.9.x antes de v2.9.12, v2.10.x antes de v2.10.11, v2.11.x antes de v2.11.6 y v2.12.x antes de v2.12.3 permite a atacantes remotos inyectar HT... • http://secunia.com/advisories/38007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •