Description

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Remediation

References

CVE-2000-1211

Related Vulnerabilities

WordPress Plugin BBS e-Franchise SQL Injection (1.1.1)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2202)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-40600)

Backbone.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10537)

SharePoint CVE-2024-30043 Vulnerability (CVE-2024-30043)

Severity

High

Classification

CVE-2000-1211

Tags

Missing Update Known Vulnerabilities