Cross-site scripting in Zope - CVE-2007-0240
Published: July 29, 2017 / Updated: June 17, 2025
Vulnerability identifier: #VU111187
CSH Severity: Medium
CVSS v4.0:
CVE-ID: CVE-2007-0240
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zope
Affected software:
Zope
Zope
Detailed vulnerability description
Vulnerability allows a remote attacker to perform Cross-site scripting attacks.
An input validation error exists in Zope 2.10.2 and earlier. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
How to mitigate CVE-2007-0240
Install update from vendor's website.
Sources
- http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html
- http://secunia.com/advisories/24017
- http://secunia.com/advisories/24713
- http://secunia.com/advisories/25239
- http://www.debian.org/security/2007/dsa-1275
- http://www.securityfocus.com/bid/23084
- http://www.vupen.com/english/advisories/2007/1041
- http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33187