Description

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Remediation

References

CVE-2000-0725

Related Vulnerabilities

Joomla! Core 1.6.x Multiple Cross-Site Scripting Vulnerabilities (1.6.0 - 1.6.3)

WordPress Plugin Hotjar Connecticator Cross-Site Scripting (1.1.1)

React Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-6341)

WordPress Plugin Avenir-soft Direct Download Multiple Vulnerabilities (1.0)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1041)

Severity

High

Classification

CVE-2000-0725

Tags

Missing Update Known Vulnerabilities