Description

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Remediation

References

CVE-2000-0725

Related Vulnerabilities

OpenSSL Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3711)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3440)

phpBB CVE-2010-1630 Vulnerability (CVE-2010-1630)

WordPress Plugin Event Notifier Cross-Site Scripting (1.2.0)

Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10735)

Severity

High

Classification

CVE-2000-0725

Tags

Missing Update Known Vulnerabilities