Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2011-4924

UNKNOWN
Published 2019-11-25T17:03:14
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2011-4924. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

zope

zope2, zope3

Affected Versions:

2.8.x before 2.8.12 2.9.x before 2.9.12 2.10.x before 2.10.11 2.11.x before 2.11.6 and 2.12.x before 2.12.3 3.1.1through 3.4.1

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Zope XSS Vulnerability

GHSA-vh6g-786f-hxxp

Advisory Details

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104

Affected Packages

PyPI zope
ECOSYSTEM: ≥3.1.1 <3.7.3
PyPI zope2
ECOSYSTEM: ≥0 <2.12.22
PyPI zope2
ECOSYSTEM: ≥2.13.0a1 <2.13.12

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2011-4924
WEB https://github.com/zopefoundation/Zope/commit/37e4ea774acc668f6b430a45a6ab1e359710f590
WEB https://github.com/zopefoundation/Zope/commit/a0655194cb39ad88ce3323a3e489927c5f979c44
WEB https://access.redhat.com/security/cve/cve-2011-4924
WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924
PACKAGE https://github.com/zopefoundation/Zope
WEB https://security-tracker.debian.org/tracker/CVE-2011-4924
WEB http://www.openwall.com/lists/oss-security/2012/01/19/16
WEB http://www.openwall.com/lists/oss-security/2012/01/19/17
WEB http://www.openwall.com/lists/oss-security/2012/01/19/18
WEB http://www.openwall.com/lists/oss-security/2012/01/19/19

Advisory provided by GitHub Security Advisory Database. Published: April 22, 2022, Modified: January 15, 2024

References

https://security-tracker.debian.org/tracker/CVE-2011-4924
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924
https://access.redhat.com/security/cve/cve-2011-4924
http://www.openwall.com/lists/oss-security/2012/01/19/19
http://www.openwall.com/lists/oss-security/2012/01/19/16
http://www.openwall.com/lists/oss-security/2012/01/19/17
http://www.openwall.com/lists/oss-security/2012/01/19/18
Published: 2019-11-25T17:03:14
Last Modified: 2024-08-07T00:23:39.047Z
Copied to clipboard!