SB2017072919 - Cross-site scripting in Zope
Published: July 29, 2017 Updated: June 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Cross-site scripting (CVE-ID: CVE-2007-0240)
Vulnerability allows a remote attacker to perform Cross-site scripting attacks.
An input validation error exists in Zope 2.10.2 and earlier. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Remediation
Install update from vendor's website.
References
- http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html
- http://secunia.com/advisories/24017
- http://secunia.com/advisories/24713
- http://secunia.com/advisories/25239
- http://www.debian.org/security/2007/dsa-1275
- http://www.securityfocus.com/bid/23084
- http://www.vupen.com/english/advisories/2007/1041
- http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33187