What is the severity of CVE-2010-1104?

CVE-2010-1104 has been classified as a medium-severity vulnerability due to its potential for exploitation through cross-site scripting (XSS).

How do I fix CVE-2010-1104?

To mitigate CVE-2010-1104, upgrade Zope to versions 2.8.12, 2.9.12, 2.10.11, 2.11.6, or 2.12.3 or later, which include patches for this vulnerability.

Who is affected by CVE-2010-1104?

CVE-2010-1104 affects multiple versions of Zope, specifically versions 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3.

What types of attacks can exploit CVE-2010-1104?

CVE-2010-1104 can be exploited by remote attackers to inject arbitrary web scripts or HTML via manipulated error messages.

Is there a workaround for CVE-2010-1104 if I cannot immediately upgrade?

There are no specific workarounds for CVE-2010-1104; therefore, immediate upgrading to a patched version is strongly recommended.

Vulnerability/
CVE-2010-1104

medium

4.3

CWE

25/3/2010

11/4/2025

CVE-2010-1104: XSS

First published: Thu Mar 25 2010(Updated: )

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zope ZODB	=2.8
Zope ZODB	=2.8.0
Zope ZODB	=2.8.0-a1
Zope ZODB	=2.8.0-a2
Zope ZODB	=2.8.0-b1
Zope ZODB	=2.8.0-b2
Zope ZODB	=2.8.0-final
Zope ZODB	=2.8.1
Zope ZODB	=2.8.1-b1
Zope ZODB	=2.8.1-final
Zope ZODB	=2.8.2
Zope ZODB	=2.8.3
Zope ZODB	=2.8.4
Zope ZODB	=2.8.5
Zope ZODB	=2.8.6
Zope ZODB	=2.8.7
Zope ZODB	=2.8.8
Zope ZODB	=2.8.9
Zope ZODB	=2.8.9.1
Zope ZODB	=2.8.10
Zope ZODB	=2.8.11
Zope ZODB	=2.9.0
Zope ZODB	=2.9.0-b1
Zope ZODB	=2.9.0-b2
Zope ZODB	=2.9.1
Zope ZODB	=2.9.2
Zope ZODB	=2.9.3
Zope ZODB	=2.9.4
Zope ZODB	=2.9.5
Zope ZODB	=2.9.6
Zope ZODB	=2.9.7
Zope ZODB	=2.9.8
Zope ZODB	=2.9.9
Zope ZODB	=2.9.10
Zope ZODB	=2.9.11
Zope ZODB	=2.10.0-b1
Zope ZODB	=2.10.0-b2
Zope ZODB	=2.10.0-c1
Zope ZODB	=2.10.0-final
Zope ZODB	=2.10.2
Zope ZODB	=2.10.2-b1
Zope ZODB	=2.10.2-final
Zope ZODB	=2.10.3
Zope ZODB	=2.10.3-final
Zope ZODB	=2.10.4-final
Zope ZODB	=2.10.5
Zope ZODB	=2.10.6
Zope ZODB	=2.10.7
Zope ZODB	=2.10.8
Zope ZODB	=2.10.9
Zope ZODB	=2.10.10
Zope ZODB	=2.10.11
Zope ZODB	=2.11.0
Zope ZODB	=2.11.0a1
Zope ZODB	=2.11.0b1
Zope ZODB	=2.11.0c1
Zope ZODB	=2.11.1
Zope ZODB	=2.11.2
Zope ZODB	=2.11.3
Zope ZODB	=2.11.4
Zope ZODB	=2.11.5
Zope ZODB	=2.12.0
Zope ZODB	=2.12.1
Zope ZODB	=2.12.2
	=2.8
	=2.8.0
	=2.8.0-a1
	=2.8.0-a2
	=2.8.0-b1
	=2.8.0-b2
	=2.8.0-final
	=2.8.1
	=2.8.1-b1
	=2.8.1-final
	=2.8.2
	=2.8.3
	=2.8.4
	=2.8.5
	=2.8.6
	=2.8.7
	=2.8.8
	=2.8.9
	=2.8.9.1
	=2.8.10
	=2.8.11
	=2.9.0
	=2.9.0-b1
	=2.9.0-b2
	=2.9.1
	=2.9.2
	=2.9.3
	=2.9.4
	=2.9.5
	=2.9.6
	=2.9.7
	=2.9.8
	=2.9.9
	=2.9.10
	=2.9.11
	=2.10.0-b1
	=2.10.0-b2
	=2.10.0-c1
	=2.10.0-final
	=2.10.2
	=2.10.2-b1
	=2.10.2-final
	=2.10.3
	=2.10.3-final
	=2.10.4-final
	=2.10.5
	=2.10.6
	=2.10.7
	=2.10.8
	=2.10.9
	=2.10.10
	=2.10.11
	=2.11.0
	=2.11.0a1
	=2.11.0b1
	=2.11.0c1
	=2.11.1
	=2.11.2
	=2.11.3
	=2.11.4
	=2.11.5
	=2.12.0
	=2.12.1
	=2.12.2

Remedy

http://www.vupen.com/english/advisories/2010/0104

Remedy

https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-1104?
CVE-2010-1104 has been classified as a medium-severity vulnerability due to its potential for exploitation through cross-site scripting (XSS).
How do I fix CVE-2010-1104?
To mitigate CVE-2010-1104, upgrade Zope to versions 2.8.12, 2.9.12, 2.10.11, 2.11.6, or 2.12.3 or later, which include patches for this vulnerability.
Who is affected by CVE-2010-1104?
CVE-2010-1104 affects multiple versions of Zope, specifically versions 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3.
What types of attacks can exploit CVE-2010-1104?
CVE-2010-1104 can be exploited by remote attackers to inject arbitrary web scripts or HTML via manipulated error messages.
Is there a workaround for CVE-2010-1104 if I cannot immediately upgrade?
There are no specific workarounds for CVE-2010-1104; therefore, immediate upgrading to a patched version is strongly recommended.

agent/references
agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/description
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/weakness
agent/source
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/zope
canonical/zope zodb
version/zope zodb/2.8
version/zope zodb/2.8.0
version/zope zodb/2.8.0-a1
version/zope zodb/2.8.0-a2
version/zope zodb/2.8.0-b1
version/zope zodb/2.8.0-b2
version/zope zodb/2.8.0-final
version/zope zodb/2.8.1
version/zope zodb/2.8.1-b1
version/zope zodb/2.8.1-final
version/zope zodb/2.8.2
version/zope zodb/2.8.3
version/zope zodb/2.8.4
version/zope zodb/2.8.5
version/zope zodb/2.8.6
version/zope zodb/2.8.7
version/zope zodb/2.8.8
version/zope zodb/2.8.9
version/zope zodb/2.8.9.1
version/zope zodb/2.8.10
version/zope zodb/2.8.11
version/zope zodb/2.9.0
version/zope zodb/2.9.0-b1
version/zope zodb/2.9.0-b2
version/zope zodb/2.9.1
version/zope zodb/2.9.2
version/zope zodb/2.9.3
version/zope zodb/2.9.4
version/zope zodb/2.9.5
version/zope zodb/2.9.6
version/zope zodb/2.9.7
version/zope zodb/2.9.8
version/zope zodb/2.9.9
version/zope zodb/2.9.10
version/zope zodb/2.9.11
version/zope zodb/2.10.0-b1
version/zope zodb/2.10.0-b2
version/zope zodb/2.10.0-c1
version/zope zodb/2.10.0-final
version/zope zodb/2.10.2
version/zope zodb/2.10.2-b1
version/zope zodb/2.10.2-final
version/zope zodb/2.10.3
version/zope zodb/2.10.3-final
version/zope zodb/2.10.4-final
version/zope zodb/2.10.5
version/zope zodb/2.10.6
version/zope zodb/2.10.7
version/zope zodb/2.10.8
version/zope zodb/2.10.9
version/zope zodb/2.10.10
version/zope zodb/2.10.11
version/zope zodb/2.11.0
version/zope zodb/2.11.0a1
version/zope zodb/2.11.0b1
version/zope zodb/2.11.0c1
version/zope zodb/2.11.1
version/zope zodb/2.11.2
version/zope zodb/2.11.3
version/zope zodb/2.11.4
version/zope zodb/2.11.5
version/zope zodb/2.12.0
version/zope zodb/2.12.1
version/zope zodb/2.12.2

CVE-2010-1104: XSS

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-1104?

How do I fix CVE-2010-1104?

Who is affected by CVE-2010-1104?

What types of attacks can exploit CVE-2010-1104?

Is there a workaround for CVE-2010-1104 if I cannot immediately upgrade?

Company

Resources

Contact