Incomplete fix for Cross-site scripting (XSS) vulnerability in Zope versions 2.8.x to 2.12.x and 3.1.1 to 3.4.1

CVE-2011-4924 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, 2.12.x before 2.12.3, and 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104.
