Safety vulnerability ID: 37737
The information on this page was manually curated by our Cybersecurity Intelligence Team.
CVE-2011-4924: Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, 2.12.x before 2.12.3, and 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104.
Latest version: 5.11.1
Zope application server / web framework
MISC: http://www.openwall.com/lists/oss-security/2012/01/19/16
MISC: http://www.openwall.com/lists/oss-security/2012/01/19/17
MISC: http://www.openwall.com/lists/oss-security/2012/01/19/18
MISC: http://www.openwall.com/lists/oss-security/2012/01/19/19
MISC: https://access.redhat.com/security/cve/cve-2011-4924
MISC: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924
MISC: https://security-tracker.debian.org/tracker/CVE-2011-4924