|
|
Subscribe / Log in / New account

zope: cross-site scripting

Package(s):zope CVE #(s):CVE-2007-0240
Created:April 3, 2007 Updated:April 5, 2007
Description: A cross-site scripting vulnerability in Zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser by using unspecified vectors in a HTTP GET request. This code would run within the security context of the web browser, potentially allowing the attacker to access private data such as authentication cookies, or to affect the rendering or behavior of Zope web pages.
Alerts:
Debian DSA-1275-1 zope2.7 2007-04-02
to post comments

zope2.7: cross-site scripting

Posted Apr 5, 2007 1:57 UTC (Thu) by tseaver (guest, #1544) [Link]

This bug is originally reported here:

http://www.zope.org/Products/Zope/Hotfix-2007-03-20/annou...

and affects all Zope versions prior to 2.8.9.1, 2.9.7, and 2.10.3. The
hotfix announced at that link can be applied to any Zope 2.8.x, 2.9.x,
or 2.10.x release which cannot be upgraded directly to a fixed version.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds