CVE-2010-1104: XSS

First published: Thu Mar 25 2010(Updated: )

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zope Zope	=2.8.0
Zope Zope	=2.9.11
Zope Zope	=2.8.8
Zope Zope	=2.10.8
Zope Zope	=2.10.5
Zope Zope	=2.8.9.1
Zope Zope	=2.10.4-final
Zope Zope	=2.9.0-b2
Zope Zope	=2.11.1
Zope Zope	=2.8.11
Zope Zope	=2.10.7
Zope Zope	=2.11.3
Zope Zope	=2.9.2
Zope Zope	=2.10.10
Zope Zope	=2.8.0-b2
Zope Zope	=2.10.11
Zope Zope	=2.10.0-b1
Zope Zope	=2.11.0c1
Zope Zope	=2.12.0
Zope Zope	=2.9.4
Zope Zope	=2.9.5
Zope Zope	=2.8.0-a1
Zope Zope	=2.8
Zope Zope	=2.11.5
Zope Zope	=2.8.1-final
Zope Zope	=2.11.2
Zope Zope	=2.9.1
Zope Zope	=2.10.0-c1
Zope Zope	=2.8.9
Zope Zope	=2.11.0
Zope Zope	=2.8.0-final
Zope Zope	=2.8.0-a2
Zope Zope	=2.11.0a1
Zope Zope	=2.10.2-b1
Zope Zope	=2.10.2
Zope Zope	=2.9.0
Zope Zope	=2.8.5
Zope Zope	=2.8.2
Zope Zope	=2.10.3-final
Zope Zope	=2.8.6
Zope Zope	=2.12.2
Zope Zope	=2.8.0-b1
Zope Zope	=2.8.1-b1
Zope Zope	=2.9.7
Zope Zope	=2.9.6
Zope Zope	=2.10.0-b2
Zope Zope	=2.9.10
Zope Zope	=2.8.3
Zope Zope	=2.9.3
Zope Zope	=2.10.3
Zope Zope	=2.8.1
Zope Zope	=2.8.4
Zope Zope	=2.10.6
Zope Zope	=2.9.0-b1
Zope Zope	=2.10.9
Zope Zope	=2.10.0-final
Zope Zope	=2.10.2-final
Zope Zope	=2.11.4
Zope Zope	=2.11.0b1
Zope Zope	=2.8.10
Zope Zope	=2.12.1
Zope Zope	=2.8.7
Zope Zope	=2.9.8
Zope Zope	=2.9.9

Remedy

http://www.vupen.com/english/advisories/2010/0104

Remedy

https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/severity
agent/references
agent/weakness
agent/author
agent/type
agent/description
agent/event
agent/softwarecombine
agent/remedy
agent/last-modified-date
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/zope
canonical/zope zope
version/zope zope/2.8.0
version/zope zope/2.9.11
version/zope zope/2.8.8
version/zope zope/2.10.8
version/zope zope/2.10.5
version/zope zope/2.8.9.1
version/zope zope/2.10.4-final
version/zope zope/2.9.0-b2
version/zope zope/2.11.1
version/zope zope/2.8.11
version/zope zope/2.10.7
version/zope zope/2.11.3
version/zope zope/2.9.2
version/zope zope/2.10.10
version/zope zope/2.8.0-b2
version/zope zope/2.10.11
version/zope zope/2.10.0-b1
version/zope zope/2.11.0c1
version/zope zope/2.12.0
version/zope zope/2.9.4
version/zope zope/2.9.5
version/zope zope/2.8.0-a1
version/zope zope/2.8
version/zope zope/2.11.5
version/zope zope/2.8.1-final
version/zope zope/2.11.2
version/zope zope/2.9.1
version/zope zope/2.10.0-c1
version/zope zope/2.8.9
version/zope zope/2.11.0
version/zope zope/2.8.0-final
version/zope zope/2.8.0-a2
version/zope zope/2.11.0a1
version/zope zope/2.10.2-b1
version/zope zope/2.10.2
version/zope zope/2.9.0
version/zope zope/2.8.5
version/zope zope/2.8.2
version/zope zope/2.10.3-final
version/zope zope/2.8.6
version/zope zope/2.12.2
version/zope zope/2.8.0-b1
version/zope zope/2.8.1-b1
version/zope zope/2.9.7
version/zope zope/2.9.6
version/zope zope/2.10.0-b2
version/zope zope/2.9.10
version/zope zope/2.8.3
version/zope zope/2.9.3
version/zope zope/2.10.3
version/zope zope/2.8.1
version/zope zope/2.8.4
version/zope zope/2.10.6
version/zope zope/2.9.0-b1
version/zope zope/2.10.9
version/zope zope/2.10.0-final
version/zope zope/2.10.2-final
version/zope zope/2.11.4
version/zope zope/2.11.0b1
version/zope zope/2.8.10
version/zope zope/2.12.1
version/zope zope/2.8.7
version/zope zope/2.9.8
version/zope zope/2.9.9

CVE-2010-1104: XSS

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact