Skip to main content

Zope

11 CVEs product

Monthly

CVE-2023-44389 PyPI MEDIUM PATCH This Month

Zope is an open-source web application server. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zope
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-42458 PyPI MEDIUM POC PATCH This Month

Zope is an open-source web application server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Zope
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-41050 PyPI HIGH PATCH This Week

AccessControl provides a general security framework for use in Zope. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Accesscontrol Zope
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2021-32811 PyPI HIGH PATCH This Week

Zope is an open-source web application server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Python RCE Accesscontrol Zope
NVD GitHub
CVSS 3.1
7.2
EPSS
2.3%
CVE-2021-32674 PyPI HIGH PATCH This Week

Zope is an open-source web application server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Zope
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-33507 PyPI MEDIUM PATCH This Month

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Plone Zope
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-32633 PyPI HIGH POC PATCH This Week

Zope is an open-source web application server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Path Traversal Plone Zope
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2012-6661 PyPI MEDIUM POC PATCH This Month

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Plone Zope
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5507 PyPI MEDIUM PATCH This Month

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Race Condition Information Disclosure Zope Plone
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5489 PyPI MEDIUM PATCH This Month

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Plone Zope
NVD GitHub
CVSS 2.0
6.5
EPSS
0.6%
CVE-2012-5486 PyPI MEDIUM PATCH This Month

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Plone Zope
NVD
CVSS 2.0
6.4
EPSS
0.8%
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Zope is an open-source web application server. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zope
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Zope is an open-source web application server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Zope
NVD GitHub
EPSS 1% CVSS 7.7
HIGH PATCH This Week

AccessControl provides a general security framework for use in Zope. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Accesscontrol +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Zope is an open-source web application server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Python RCE Accesscontrol +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Zope is an open-source web application server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Zope
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Plone Zope
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Zope is an open-source web application server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Path Traversal Plone +1
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Plone Zope
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Race Condition Information Disclosure Zope +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Plone Zope
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Plone Zope
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy