Description

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104

Remediation

References

CVE-2011-4924

Related Vulnerabilities

MySQL CVE-2021-2305 Vulnerability (CVE-2021-2305)

WordPress Plugin BuddyPress Cross-Site Request Forgery (2.9.0)

Apache Traffic Server Out-of-bounds Write Vulnerability (CVE-2021-35474)

SharePoint CVE-2022-41036 Vulnerability (CVE-2022-41036)

WordPress Plugin Contact Form DB-Elementor Cross-Site Scripting (1.7)

Severity

Medium

Classification

CVE-2011-4924 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities