Description

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Remediation

References

CVE-2000-0725

Related Vulnerabilities

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43723)

WordPress Plugin SendGrid Security Bypass (1.11.8)

IBM WebSEAL Other Vulnerability (CVE-2023-30997)

WordPress 3.8.x Cross-Site Scripting Vulnerability (3.8 - 3.8.11)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (3.0.15)

Severity

High

Classification

CVE-2000-0725

Tags

Missing Update Known Vulnerabilities