CVE-2011-4924

Summary

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104

Affected Software

VendorProductVersion RangeStatus
zopezope2, zope32.8.x before 2.8.12affected
zopezope2, zope32.9.x before 2.9.12affected
zopezope2, zope32.10.x before 2.10.11affected
zopezope2, zope32.11.x before 2.11.6affected
zopezope2, zope3and 2.12.x before 2.12.3affected
zopezope2, zope33.1.1through 3.4.1affected

Weaknesses

  • Incomplete upstream patch for CVE-2010-1104 issue

ADP Enrichment

CVE Program Container

Additional References

References