ID CVE-2007-0240
Summary Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.
Vulnerable Configurations
  • cpe:2.3:a:zope:zope:2.10.2
CVSS
Base: 4.3 (as of 23-03-2007 - 11:17)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ZOPE-3346.NASL
    description This update fixes a cross site scripting bug (XSS) in zope (CVE-2007-0240).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27504
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27504
    title openSUSE 10 Security Update : zope (zope-3346)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_34414A1EE37711DBB8AB000C76189C4C.NASL
    description The Zope Team reports: A vulnerability has been discovered in Zope, whereby certain types of misuse of HTTP GET, an attacker could gain elevated privileges. All Zope versions up to and including 2.10.2 are affected.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 25015
    published 2007-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25015
    title FreeBSD : zope -- XSS vulnerability (34414a1e-e377-11db-b8ab-000c76189c4c)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1275.NASL
    description A cross-site scripting vulnerability in zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser. This code would run within the security context of the web browser, potentially allowing the attacker to access private data such as authentication cookies, or to affect the rendering or behavior of zope web pages.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 25009
    published 2007-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25009
    title Debian DSA-1275-1 : zope2.7 - XSS
refmap via4
bid 23084
confirm http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view
debian DSA-1275
secunia
  • 24017
  • 24713
  • 25239
suse SUSE-SR:2007:011
vupen ADV-2007-1041
xf zope-unspecifiedget-xss(33187)
statements via4
contributor Mark J Cox
lastmodified 2007-04-02
organization Red Hat
statement Not vulnerable. This issue did not affect Zope included within the conga package shipped with Red Hat Enterprise Linux 5.
Last major update 07-03-2011 - 21:49
Published 22-03-2007 - 14:19
Last modified 28-07-2017 - 21:30