Description

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Remediation

References

CVE-2002-0170

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4348)

WordPress Plugin HD Webplayer Multiple SQL Injection Vulnerabilities (1.1)

MySQL CVE-2014-0401 Vulnerability (CVE-2014-0401)

WordPress Plugin Pixel Manager for WooCommerce-Track Google Analytics, Google Ads, TikTok and more Supply Chain Attack [Polyfill.io] (1.43.3)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9838)

Severity

High

Classification

CVE-2002-0170

Tags

Missing Update Known Vulnerabilities