CVE-2007-0240
Debian Linux Security Advisory 1275-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.
Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Zope 2.10.2 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores sin especificar en una petición HTTP GET.
A cross-site scripting vulnerability in zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser. This code would run within the security context of the web browser, potentially allowing the attacker to access private data such as authentication cookies, or to affect the rendering or behavior of zope web pages.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-01-16 CVE Reserved
- 2007-03-22 CVE Published
- 2024-08-07 CVE Updated
- 2025-06-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/24017 | Third Party Advisory | |
| http://secunia.com/advisories/24713 | Third Party Advisory | |
| http://secunia.com/advisories/25239 | Third Party Advisory | |
| http://www.securityfocus.com/bid/23084 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/1041 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33187 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view | 2017-07-29 |
| URL | Date | SRC |
|---|---|---|
| http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html | 2017-07-29 | |
| http://www.debian.org/security/2007/dsa-1275 | 2017-07-29 |