Description

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104

Remediation

References

CVE-2011-4924

Related Vulnerabilities

Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-27316)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2865)

Oracle Database Server CVE-2013-3771 Vulnerability (CVE-2013-3771)

Internet Information Services Other Vulnerability (CVE-2002-1744)

WordPress Plugin AGP Font Awesome Collection Cross-Site Scripting (2.7.2)

Severity

Medium

Classification

CVE-2011-4924 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities