Zope 'standard_error_message' Cross-Site Scripting Vulnerability Network Vulnerability

Summary

Zope is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The issue affects versions prior to Zope 2.12.3, 2.11.6, 2.10.11, 2.9.12, and 2.8.12.

Solution

The vendor has released updates. Please see the references for details.

References

http://www.securityfocus.com/bid/37765
http://www.zope.org
https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1104

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

IBM WebSphere Application Server Admin Console Cross-site Scripting Vulnerability
Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)

Take action and discover your vulnerabilities