Description

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Remediation

References

CVE-2000-1211

Related Vulnerabilities

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-4317)

WordPress Plugin Software License Manager Cross-Site Request Forgery (4.5.0)

WordPress Plugin Simple Share Buttons Adder Multiple Vulnerabilities (4.4)

LimeSurvey Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-42902)

phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-35708)

Severity

High

Classification

CVE-2000-1211

Tags

Missing Update Known Vulnerabilities