CVE-2011-4924

CVE Database · CVE-2011-4924

CVE-2011-4924

· MEDIUMModified

CVSS v3.1

6.1

EPSS

1.35%

Published

Nov 25, 2019

Modified

Nov 20, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (6)

zope · zope (up to 2.8.12)vulnerable

zope · zope (up to 2.9.12)vulnerable

zope · zope (up to 2.10.11)vulnerable

zope · zope (up to 2.11.6)vulnerable

zope · zope (up to 2.12.3)vulnerable

zope · zopevulnerable

References (14)